PT-2012-5832 · Perl+2

Tim Brown · Published 2012-12-18 · Updated 2016-12-08 · CVE-2012-5195

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Perl versions 5.12.x through 5.12.4
Perl versions 5.14.x through 5.14.2
Perl versions 5.15.x through 5.15.4

Description

A heap-based buffer overflow in the Perl repeatcpy function can be exploited by context-dependent attackers via the 'x' string repeat operator. This can lead to a denial of service through memory consumption and a crash, or potentially allow the execution of arbitrary code.

Recommendations

For Perl versions 5.12.x through 5.12.4, update to version 5.12.5 or later.
For Perl versions 5.14.x through 5.14.2, update to version 5.14.3 or later.
For Perl versions 5.15.x through 5.15.4, update to version 5.15.5 or later.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CESA-2013_0685
CVE-2012-5195
DSA-2586-1
RHSA-2013:0685
RHSA-2013_0685

Affected Products

CentOS
Perl
Red Hat