CVE-2011-2939 – Perl decode_xs heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2011-2939
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. Error "Off-by-one" en la función decode_xs en Unicode/Unicode.xs en el módulo Encode anterior a v2.44, utilizado en Perl anterior a v5.15.6 , podría permitir a atacantes dependientes de contexto causar una denegación de servicio (corrupción de memoria) a través de un cadena de Unicode especialmente creada, provocando un desbordamiento de búfer basado en memoria dinámica (heap). • http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29 http://secunia.com/advisories/46172 http://secunia.com/advisories/46989 http://secunia.com/advisories/51457 http://secunia.com/advisories/55314 http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2011-1487 – Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
https://notcve.org/view.php?id=CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. Las funciones (1) lc, (2) lcfirst, (3) uc, y (4) ucfirst en Perl v5.10.x, v5.11.x, y v5.12.x hasta v5.12.3, y v5.13.x hasta v5.13.11, no aplica el atributo taint para devolver el valor sobre el proceso de entrada tainted, lo que puede permitir a atacantes dependientes del contexto evitar el mecanismo de protección de taint a través de una cadena manipulada. • https://www.exploit-db.com/exploits/35554 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/04/01/3 http://openwall.com/lists/oss-security/2011/04/04/35 http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 http://rt.perl.org/rt3/Publ • CWE-264: Permissions, Privileges, and Access Controls •