Page 5 of 23 results (0.009 seconds)

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de datos utf-8 manipulados, según lo demostrado por "a\x80". • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5 http://www.openwall.com/lists/oss-security/2016/04/20/5 http://www.openwall.com/lists/oss-security/2016/04/20/7 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/86707 https://bugzilla.redhat.com/ • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. Las funciones VDir::MapPathA y VDir::MapPathW en Perl 5.22 permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) y posiblemente ejecutar código arbitrario a través de un argumento (1) letra de unidad o (2) pInName manipulados. • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html https://rt.perl.org/Public/Bug/Display.html?id=126755 https://www.oracle.com/security-alerts/cpujul2020.html • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 http://www.debian.org/security/2016/dsa-3501 http://www.gossamer-threads.com/lists/perl/porters/326387 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/b • CWE-20: Improper Input Validation •