| Vulnerability Name: | CVE-2012-5195 (CCN-79639) |
| Assigned: | 2012-10-10 |
| Published: | 2012-10-10 |
| Updated: | 2016-12-08 |
| Summary: | Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-119
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2012-5195
Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
Source: CONFIRM
Type: Patch, Vendor Advisory
http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44
Source: CCN
Type: Perl Web site
Perl
Source: CCN
Type: RHSA-2013-0685
Moderate: perl security update
Source: REDHAT
Type: UNKNOWN
RHSA-2013:0685
Source: SECUNIA
Type: Vendor Advisory
51457
Source: CCN
Type: SA55314
Oracle Solaris Perl Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
55314
Source: DEBIAN
Type: UNKNOWN
DSA-2586
Source: DEBIAN
Type: DSA-2586
perl -- several vulnerabilities
Source: MANDRIVA
Type: UNKNOWN
MDVSA-2013:113
Source: MLIST
Type: UNKNOWN
[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195
Source: MLIST
Type: UNKNOWN
[oss-security] 20121026 Medium severity flaw with Perl 5
Source: MLIST
Type: UNKNOWN
[oss-security] 20121027 Re: Medium severity flaw with Perl 5
Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: BID
Type: UNKNOWN
56287
Source: CCN
Type: BID-56287
Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
Source: UBUNTU
Type: UNKNOWN
USN-1643-1
Source: CCN
Type: Red Hat Bugzilla Bug 862413
CVE-2012-5195 perl: heap buffer overrun flaw may lead to arbitrary code execution
Source: XF
Type: UNKNOWN
perl-operator-bo(79639)
Source: CONFIRM
Type: UNKNOWN
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:perl:perl:5.12.0:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:rc0:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:rc1:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:rc2:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:rc3:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:rc4:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:rc5:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.1:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.1:rc1:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.1:rc2:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.2:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.2:rc1:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.3:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.3:rc1:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.3:rc2:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.3:rc3:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.4:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.0:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.0:rc1:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.0:rc2:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.0:rc3:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.1:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.2:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
Configuration RedHat 3:
cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 4:
cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 5:
cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
Configuration RedHat 6:
cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 7:
cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
Configuration CCN 1:
cpe:/a:perl:perl:5.10:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.10.1:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.12.0:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.1:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.14.2:*:*:*:*:*:*:*OR cpe:/a:perl:perl:5.8.2:*:*:*:*:*:*:*AND cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |