Strawberry Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Strawberry Perl and is prone to heap based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. Impact Level: System/Application

Solution

Upgrade to Strawberry Perl 5.12.5, 5.14.3, 15.15.5 or later, For updates refer to http://strawberryperl.com

Insight

The Perl_repeatcpy() function in util.c fails to properly sanitize user supplied input while handling the string repeat operator.

Affected

Strawberry Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3 and 5.15.x before 15.15.5 on Windows

References

http://secunia.com/advisories/51457
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
http://www.osvdb.org/86854

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5195
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
Cyrus SASL Remote Buffer Overflow Vulnerability
Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)

Take action and discover your vulnerabilities