CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2013-1667

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Publish Date : 2013-03-13 Last Update Date : 2017-09-18
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
7.5
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Denial Of Service
CWE ID 399

- Related OVAL Definitions

Title Definition Id Class Family
DEPRECATED: ELSA-2013-0685 -- perl security update (moderate) oval:org.mitre.oval:def:27634 unix
DEPRECATED: ELSA-2013:0685: perl security update (Moderate) oval:org.mitre.oval:def:23419 unix
DEPRECATED: Security vulnerabilities in Perl for AIX oval:org.mitre.oval:def:20923 unix
DSA-2641-1 perl - rehashing flaw oval:org.mitre.oval:def:18107 unix
DSA-2641-2 -- perl -- rehashing flaw oval:org.mitre.oval:def:29021 unix
ELSA-2013:0685: perl security update (Moderate) oval:org.mitre.oval:def:23712 unix
HP-UX running perl, Remote Denial of Service (DoS) oval:org.mitre.oval:def:18771 unix
RHSA-2013:0685: perl security update (Moderate) oval:org.mitre.oval:def:20994 unix
RHSA-2013:0685: perl security update (Moderate) oval:com.redhat.rhsa:def:20130685 unix
Security vulnerabilities in Perl for AIX oval:org.mitre.oval:def:20945 unix
SUSE-SU-2013:0441-1 -- Security update for Perl oval:org.mitre.oval:def:26263 unix
SUSE-SU-2013:0442-1 -- Security update for Perl oval:org.mitre.oval:def:26050 unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2013-1667

# Product Type Vendor Product Version Update Edition Language
1 Application Perl Perl 5.8.2 Version Details Vulnerabilities
2 Application Perl Perl 5.8.3 Version Details Vulnerabilities
3 Application Perl Perl 5.8.4 Version Details Vulnerabilities
4 Application Perl Perl 5.8.5 Version Details Vulnerabilities
5 Application Perl Perl 5.8.6 Version Details Vulnerabilities
6 Application Perl Perl 5.8.7 Version Details Vulnerabilities
7 Application Perl Perl 5.8.8 Version Details Vulnerabilities
8 Application Perl Perl 5.8.9 Version Details Vulnerabilities
9 Application Perl Perl 5.8.10 Version Details Vulnerabilities
10 Application Perl Perl 5.10 Version Details Vulnerabilities
11 Application Perl Perl 5.10.0 RC2 Version Details Vulnerabilities
12 Application Perl Perl 5.10.0 RC1 Version Details Vulnerabilities
13 Application Perl Perl 5.10.0 Version Details Vulnerabilities
14 Application Perl Perl 5.10.1 RC2 Version Details Vulnerabilities
15 Application Perl Perl 5.10.1 RC1 Version Details Vulnerabilities
16 Application Perl Perl 5.10.1 Version Details Vulnerabilities
17 Application Perl Perl 5.11.0 Version Details Vulnerabilities
18 Application Perl Perl 5.11.1 Version Details Vulnerabilities
19 Application Perl Perl 5.11.2 Version Details Vulnerabilities
20 Application Perl Perl 5.11.3 Version Details Vulnerabilities
21 Application Perl Perl 5.11.4 Version Details Vulnerabilities
22 Application Perl Perl 5.11.5 Version Details Vulnerabilities
23 Application Perl Perl 5.12.0 Version Details Vulnerabilities
24 Application Perl Perl 5.12.0 RC0 Version Details Vulnerabilities
25 Application Perl Perl 5.12.0 RC4 Version Details Vulnerabilities
26 Application Perl Perl 5.12.0 RC1 Version Details Vulnerabilities
27 Application Perl Perl 5.12.0 RC2 Version Details Vulnerabilities
28 Application Perl Perl 5.12.0 RC3 Version Details Vulnerabilities
29 Application Perl Perl 5.12.0 RC5 Version Details Vulnerabilities
30 Application Perl Perl 5.12.1 RC1 Version Details Vulnerabilities
31 Application Perl Perl 5.12.1 Version Details Vulnerabilities
32 Application Perl Perl 5.12.1 RC2 Version Details Vulnerabilities
33 Application Perl Perl 5.12.2 Version Details Vulnerabilities
34 Application Perl Perl 5.12.2 RC1 Version Details Vulnerabilities
35 Application Perl Perl 5.12.3 RC2 Version Details Vulnerabilities
36 Application Perl Perl 5.12.3 RC1 Version Details Vulnerabilities
37 Application Perl Perl 5.12.3 Version Details Vulnerabilities
38 Application Perl Perl 5.12.3 RC3 Version Details Vulnerabilities
39 Application Perl Perl 5.12.4 Version Details Vulnerabilities
40 Application Perl Perl 5.13.0 Version Details Vulnerabilities
41 Application Perl Perl 5.13.1 Version Details Vulnerabilities
42 Application Perl Perl 5.13.2 Version Details Vulnerabilities
43 Application Perl Perl 5.13.3 Version Details Vulnerabilities
44 Application Perl Perl 5.13.4 Version Details Vulnerabilities
45 Application Perl Perl 5.13.5 Version Details Vulnerabilities
46 Application Perl Perl 5.13.6 Version Details Vulnerabilities
47 Application Perl Perl 5.13.7 Version Details Vulnerabilities
48 Application Perl Perl 5.13.8 Version Details Vulnerabilities
49 Application Perl Perl 5.13.9 Version Details Vulnerabilities
50 Application Perl Perl 5.13.10 Version Details Vulnerabilities
51 Application Perl Perl 5.13.11 Version Details Vulnerabilities
52 Application Perl Perl 5.14.0 Version Details Vulnerabilities
53 Application Perl Perl 5.14.0 RC3 Version Details Vulnerabilities
54 Application Perl Perl 5.14.0 RC2 Version Details Vulnerabilities
55 Application Perl Perl 5.14.0 RC1 Version Details Vulnerabilities
56 Application Perl Perl 5.14.1 Version Details Vulnerabilities
57 Application Perl Perl 5.14.2 Version Details Vulnerabilities
58 Application Perl Perl 5.14.3 Version Details Vulnerabilities
59 Application Perl Perl 5.16.0 Version Details Vulnerabilities
60 Application Perl Perl 5.16.1 Version Details Vulnerabilities
61 Application Perl Perl 5.16.2 Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Perl Perl 61

- References For CVE-2013-1667

http://rhn.redhat.com/errata/RHSA-2013-0685.html
REDHAT RHSA-2013:0685
http://www.ubuntu.com/usn/USN-1770-1
UBUNTU USN-1770-1
https://bugzilla.redhat.com/show_bug.cgi?id=912276
https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
XF perl-rehash-dos(82598)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094 CONFIRM
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html CONFIRM
http://www.securityfocus.com/bid/58311
BID 58311 Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability Release Date:2016-07-29
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
MLIST [perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw
http://www.debian.org/security/2013/dsa-2641
DEBIAN DSA-2641
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
MANDRIVA MDVSA-2013:113
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
APPLE APPLE-SA-2013-10-22-3
http://perl5.git.perl.org/perl.git/commitdiff/d59e31f CONFIRM
http://perl5.git.perl.org/perl.git/commitdiff/9d83adc CONFIRM
http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5 CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 CONFIRM
http://marc.info/?l=bugtraq&m=137891988921058&w=2
HP HPSBUX02928
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296

- Metasploit Modules Related To CVE-2013-1667

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.