CVE-2004-2286 – ActivePerl 5.x / Larry Wall Perl 5.x - Duplication Operator Integer Overflow
https://notcve.org/view.php?id=CVE-2004-2286
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. • https://www.exploit-db.com/exploits/24130 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html http://www.securityfocus.com/bid/10380 https://exchange.xforce.ibmcloud.com/vulnerabilities/16224 •
CVE-2004-2022 – ActivePerl 5.x / Cygwin 1.5.x - System Function Call Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-2022
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. • https://www.exploit-db.com/exploits/24128 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html http://marc.info/?l=bugtraq&m=108489894009025&w=2 http://marc.info/?l=full-disclosure&m=108482796105922&w=2 http://marc.info/?l=full-disclosure&m=108483058514596&w=2 http://marc.info/?l=full-disclosure&m=108489112131099&w=2 http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt http://www.perlmonks.org/index.pl? •