CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2008-1927 – perl: heap corruption by regular expressions with utf8 characters
https://notcve.org/view.php?id=CVE-2008-1927
23 Apr 2008 — Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. Vulnerabilidad de doble liberacioón en Perl 5.8.8 permite a los atacantes, dependiendo del contexto, causar una denegación de servicio (corrupción de memoria y caida) a través de expresiones regulares manipuladas conteniendo caracteres UTF8. NOTE: ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 11%CPEs: 51EXPL: 0CVE-2007-5116 – perl regular expression UTF parsing errors
https://notcve.org/view.php?id=CVE-2007-5116
06 Nov 2007 — Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. Will ... • ftp://aix.software.ibm.com/aix/efixes/security/README • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2005-4278
https://notcve.org/view.php?id=CVE-2005-4278
16 Dec 2005 — Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. • http://secunia.com/advisories/17232 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3962 – Trustix Secure Linux Security Advisory 2005.70
https://notcve.org/view.php?id=CVE-2005-3962
01 Dec 2005 — Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted form... • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2005-0448 – dsa-696.txt
https://notcve.org/view.php?id=CVE-2005-0448
12 Mar 2005 — Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permission... • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U •
CVSS: 9.1EPSS: 0%CPEs: 32EXPL: 3CVE-2005-0156 – Setuid perl - 'PerlIO_Debug()' Local Overflow
https://notcve.org/view.php?id=CVE-2005-0156
07 Feb 2005 — Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. The PerlIO package for Perl 5.8.0 suffers from a flaw where PERLIO_DEBUG is susceptible to a buffer overflow that allows for local root compromise when using setuid perl. • https://packetstorm.news/files/id/36092 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2005-0155 – Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-0155
07 Feb 2005 — The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. The PerlIO package for Perl 5.8.0 suffers from a flaw where manipulation of the filename set in PERLIO_DEBUG allows for local root compromise when using setuid perl. • https://packetstorm.news/files/id/36090 •
CVSS: 9.8EPSS: 6%CPEs: 20EXPL: 2CVE-2004-2286 – ActivePerl 5.x / Larry Wall Perl 5.x - Duplication Operator Integer Overflow
https://notcve.org/view.php?id=CVE-2004-2286
31 Dec 2004 — Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. • https://www.exploit-db.com/exploits/24130 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0452 – Ubuntu Security Notice 44-1
https://notcve.org/view.php?id=CVE-2004-0452
21 Dec 2004 — Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made rea... • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2004-0976
https://notcve.org/view.php?id=CVE-2004-0976
20 Oct 2004 — Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. • http://fedoranews.org/updates/FEDORA--.shtml •