PT-2005-4702 · Perl

Jack Louis · Published 2005-12-01 · Updated 2024-06-15 · CVE-2005-3962

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Perl versions 5.8.6 through 5.9.2

Description

Integer overflow in Perl's format string handling, in the internal function sv_vcatpvfn that implements sprintf and printf. When a specifier carries a very large numeric value (a width, precision or explicit argument index), the computed output length wraps, the destination buffer is grown too little, and the formatted output is written past its end. An attacker who can supply the format string can therefore overwrite memory and potentially execute arbitrary code. The flaw is only reachable where an application passes attacker-influenced data as the format argument of sprintf or printf rather than as a data argument.

Recommendations

Upgrade to a Perl build that includes the fix; the vendor errata listed under Related Identifiers (RHSA-2005:880, RHSA-2005:881, DSA-943-1) ship patched packages for the affected releases. Until the interpreter is patched, audit application code for sprintf and printf calls whose format argument is derived from external input, and rewrite them so that the format is a constant and the untrusted value is passed as a data argument. Where a format genuinely has to be configurable, validate it against a short allowlist of conversions with bounded width and precision before it reaches sprintf. sv_vcatpvfn is an interpreter-internal C function, not something an application can restrict access to; the effective mitigations are patching and keeping untrusted data out of format strings.
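The calling pattern the description refers to, and the two application-side mitigations above, as an added example in Perl (not code from the advisory, from this tracker, or from the perl source). The sample inputs, the allowlist in format_is_allowed and the helper names are constructed for illustration; the version range checked is the one listed above.

```perl
#!/usr/bin/perl
# Added example, not code from the advisory or from perl itself:
# the calling pattern that exposes an application to sprintf format
# handling bugs such as CVE-2005-3962, the hardened form, a format
# allowlist for cases where the format must come from configuration,
# and a version check against the range listed in the advisory.
use strict;
use warnings;

# UNSAFE: the caller's input *is* the format string. Every '%' sequence
# in it is interpreted by sprintf, so on an unpatched Perl 5.8.6-5.9.2
# whoever controls $input controls what reaches sv_vcatpvfn.
sub render_unsafe {
    my ($input) = @_;
    return sprintf($input);
}

# SAFE: the format is a constant; $input is only ever a data argument.
sub render_safe {
    my ($input) = @_;
    return sprintf('%s', $input);
}

# For formats that must be configurable (a log template, a report
# layout), accept only a small allowlist before the string reaches
# sprintf: optional flags, width and precision of at most two digits,
# and one of a few conversion characters. Explicit argument indexes
# (%2$s), vector flags (%vd), '*' widths and long numeric fields are
# rejected simply because nothing in the allowlist matches them.
# Defensive check constructed here; the real fix is a patched interpreter.
sub format_is_allowed {
    my ($fmt) = @_;
    (my $rest = $fmt) =~ s/%(?:%|[-+ 0]*(?:\d{1,2})?(?:\.\d{1,2})?[sdxf])//g;
    return $rest !~ /%/;    # any surviving '%' is a specifier we did not allow
}

# True when the interpreter's numeric version ($], e.g. 5.008006) falls
# inside the advisory's range. Vendor builds backport fixes without
# changing the version, so treat a hit as a prompt to check the errata
# (RHSA-2005:880, RHSA-2005:881, DSA-943-1), not as proof of exposure.
sub in_advisory_range {
    my ($numeric_version) = @_;
    return $numeric_version >= 5.008006 && $numeric_version <= 5.009002;
}

# Constructed inputs for the demonstration.
my $field = 'tab%%sep';    # a value containing '%%', as a user might type it
print "unsafe: ", render_unsafe($field), "\n";   # '%%' collapsed to '%': the input was parsed as a format
print "safe:   ", render_safe($field),   "\n";   # input preserved verbatim

for my $fmt ('Host %s: %d failed logins', '%-20s %8.2f%%',
             '%99999999$s', '%*d', 'Usage: %5000s') {
    printf "%-30s %s\n", $fmt, format_is_allowed($fmt) ? 'allowed' : 'rejected';
}

printf "perl %vd: %s\n", $^V,
    in_advisory_range($]) ? 'inside advisory range' : 'outside advisory range';
```

The allowlist deliberately bounds width and precision by digit count rather than parsing their values, so the check stays a single substitution with no numeric edge cases; anything the pattern does not consume is treated as hostile. The version check is only a triage aid, since the Red Hat and Debian packages referenced below fix the bug without bumping the Perl version string.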

Fix


Weakness Enumeration

Related Identifiers

CVE-2005-3962
DSA-943-1
OPENSUSE-SU-2024:11158-1
RHSA-2005:880
RHSA-2005:881

Affected Products

Perl
Red Hat