Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Active Perl and is prone to heap based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. Impact Level: System/Application

Solution

Upgrade to Active Perl 5.12.5, 5.14.3, 15.15.5 or later, For updates refer to http://www.perl.org/get.html

Insight

The Perl_repeatcpy() function in util.c fails to properly sanitize user supplied input while handling the string repeat operator.

Affected

Active Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3 and 5.15.x before 15.15.5 on Windows

References

http://secunia.com/advisories/51457
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
http://www.osvdb.org/86854

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5195
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Beatport Player '.m3u' File Buffer Overflow Vulnerability
Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
Audacity Buffer Overflow Vulnerability (Win)
ALZip MIM File Processing Buffer Overflow Vulnerability

Take action and discover your vulnerabilities