Vulnerability Details: CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-5116
- cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:1.0:*:application_stack:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:larry_wall:perl:5.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*

When used together with (listed for each entry above):
- Mandrakesoft » Mandrake Linux Corporate Server » Version: 3.0 X86 64 Edition
- Mandrakesoft » Mandrake Linux Corporate Server » Version: 4.0 X86 64 Edition
- Redhat » Linux Advanced Workstation » Version: 2.1 Itanium Processor Edition
Exploit prediction scoring system (EPSS) score for CVE-2007-5116
- EPSS score: 11.41% (probability of exploitation activity in the next 30 days)
- Percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-5116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2007-5116
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5116
- http://secunia.com/advisories/27546
- http://www.vupen.com/english/advisories/2008/0641
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244
- http://secunia.com/advisories/28368
- http://secunia.com/advisories/28387
- https://issues.rpath.com/browse/RPL-1813
- http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml
  Perl: Buffer overflow (GLSA 200711-28) — Gentoo security
- http://www.vupen.com/english/advisories/2007/4238
- http://docs.info.apple.com/article.html?artnum=307179
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html
- http://www.ubuntu.com/usn/usn-552-1
  USN-552-1: Perl vulnerability | Ubuntu security notices | Ubuntu
- http://www.securityfocus.com/archive/1/486859/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi?id=378131
  378131 – CVE-2007-5116 perl regular expression UTF parsing errors [f7]
- http://www.debian.org/security/2007/dsa-1400
  [SECURITY] [DSA 1400-1] New perl packages fix arbitrary code execution
- http://www.ipcop.org/index.php?name=News&file=article&sid=41
- http://www.vupen.com/english/advisories/2007/4255
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669
- http://secunia.com/advisories/28167
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
  Mandriva (Patch)
- http://secunia.com/advisories/29074
- http://www.securityfocus.com/archive/1/485936/100/0/threaded
- http://www.vupen.com/english/advisories/2008/0064
- http://secunia.com/advisories/28993
- http://secunia.com/advisories/27936
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220
- http://secunia.com/advisories/27515
- http://www.redhat.com/support/errata/RHSA-2007-1011.html
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27613
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1
- http://www.securityfocus.com/archive/1/483584/100/0/threaded
- http://secunia.com/advisories/27756
- http://marc.info/?l=bugtraq&m=120352263023774&w=2
  '[security bulletin] HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of A' - MARC
- http://secunia.com/advisories/27531
  (Vendor Advisory)
- http://www.securityfocus.com/archive/1/483563/100/0/threaded
- http://securitytracker.com/id?1018899
- http://secunia.com/advisories/27548
- http://secunia.com/advisories/27479
- http://www.vmware.com/security/advisories/VMSA-2008-0001.html
- https://bugzilla.redhat.com/show_bug.cgi?id=323571
  323571 – (CVE-2007-5116) CVE-2007-5116 perl regular expression UTF parsing errors
- ftp://aix.software.ibm.com/aix/efixes/security/README
- http://secunia.com/advisories/27570
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38270
  Perl Unicode regular expressions buffer overflow CVE-2007-5116 Vulnerability Report
- http://www.securityfocus.com/bid/26350
- http://www.vupen.com/english/advisories/2007/3724
- http://secunia.com/advisories/31208
- http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
  ASA-2008-014 (RHSA-2007-0966)
- http://www.redhat.com/support/errata/RHSA-2007-0966.html