CVE-2005-3962

2005-12-01 18:03:00 2018-10-19 17:39:39

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Perl 5.9.2 Perl 5.8.6

Perl - Perl

Advisory	Patch	Confirmed	Link
			FLSA-2006:176731
			USN-222-1
			ADV-2006-4750
			ADV-2006-2613
			ADV-2006-0771
			ADV-2005-2688
			TA06-333A
			15629
			TSLSA-2005-0070
			HPSBTU02125
			20051201 Perl format string integer wrap vulnerability
			OpenPKG-SA-2005.025
			RHSA-2005:880
			RHSA-2005:881
			[3.7] 20060105 007: SECURITY FIX: January 5, 2006
			SUSE-SA:2005:071
			SUSE-SR:2005:029
			MDKSA-2005:225
			http://www.ipcop.org/index.php?name=News&file=article&si...
			VU#948385
			GLSA-200512-01
			102192
			http://support.avaya.com/elmodocs2/security/ASA-2006-081...
			DSA-943
			http://www.dyadsecurity.com/perl-0002.html
			20051201 Perl format string integer wrap vulnerability
			CLSA-2006:1056
			APPLE-SA-2006-11-28
			http://docs.info.apple.com/article.html?artnum=304829
			20060101-01-U
			ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001...
			ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007...

CVE-2005-3962

2005-12-01 18:03:00 2018-10-19 17:39:39

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)