Vulnerability Details: CVE-2005-3962
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2005-3962
- cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3962
- 0.82%: probability of exploitation activity in the next 30 days
- ~72%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3962
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
CWE ids for CVE-2005-3962
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-3962
- http://www.redhat.com/support/errata/RHSA-2005-880.html [Vendor Advisory]
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://www.trustix.org/errata/2005/0070
- http://www.osvdb.org/21345
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://www.redhat.com/support/errata/RHSA-2005-881.html [Vendor Advisory]
- http://www.osvdb.org/22255
- http://secunia.com/advisories/17993 [Vendor Advisory]
- http://secunia.com/advisories/18413 [Vendor Advisory]
- http://www.ipcop.org/index.php?name=News&file=article&sid=41
- http://www.openbsd.org/errata37.html#perl - OpenBSD 3.7 Errata
- http://secunia.com/advisories/17802 [Vendor Advisory]
- http://secunia.com/advisories/18517 [Vendor Advisory]
- http://secunia.com/advisories/23155 [Vendor Advisory]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
- http://secunia.com/advisories/18075 [Vendor Advisory]
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
- http://secunia.com/advisories/17762 [Vendor Advisory]
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml - Perl: Format string errors can lead to code execution (GLSA 200512-01)
- http://www.securityfocus.com/archive/1/438726/100/0/threaded
- https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
- http://www.securityfocus.com/archive/1/418333/100/0/threaded
- http://docs.info.apple.com/article.html?artnum=304829
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
- http://www.kb.cert.org/vuls/id/948385 - VU#948385 - Perl contains an integer sign error in format string processing [US Government Resource]
- http://secunia.com/advisories/18183 [Vendor Advisory]
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
- http://secunia.com/advisories/17952 [Vendor Advisory]
- https://usn.ubuntu.com/222-1/
- http://marc.info/?l=full-disclosure&m=113342788118630&w=2 - [Full-disclosure] Perl format string integer wrap vulnerability
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html [US Government Resource]
- http://secunia.com/advisories/18187 [Vendor Advisory]
- http://secunia.com/advisories/17941 [Vendor Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
- http://www.vupen.com/english/advisories/2006/4750
- http://www.novell.com/linux/security/advisories/2005_71_perl.html
- http://www.securityfocus.com/bid/15629
- http://www.novell.com/linux/security/advisories/2005_29_sr.html
- http://www.dyadsecurity.com/perl-0002.html [Patch; Vendor Advisory]
- http://secunia.com/advisories/18295 [Vendor Advisory]
- http://secunia.com/advisories/17844 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2005/2688
- http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
- http://secunia.com/advisories/20894 [Vendor Advisory]
- http://www.debian.org/security/2006/dsa-943 - [SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution
- http://www.vupen.com/english/advisories/2006/0771
- http://secunia.com/advisories/31208 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2006/2613 [Vendor Advisory]
- http://secunia.com/advisories/19041 [Vendor Advisory]