SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2005-3962

Date: (C)2005-12-01 (M)2023-12-22

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SUNALERT-102192

http://www.securityfocus.com/archive/1/418333/100/0/threaded

APPLE-SA-2006-11-28

FLSA-2006:176731

OpenPKG-SA-2005.025

SUSE-SA:2005:071

SUSE-SR:2005:029

TSLSA-2005-0070

http://www.openbsd.org/errata37.html#perl

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch

http://docs.info.apple.com/article.html?artnum=304829

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://www.dyadsecurity.com/perl-0002.html

http://www.ipcop.org/index.php?name=News&file=article&sid=41

oval:org.mitre.oval:def:10598

oval:org.mitre.oval:def:1074

cpe:/a:perl:perl:5.8.6
cpe:/a:perl:perl:5.9.2

© SecPod Technologies