Buffer Overflow in Perl's Regular Expression Engine Affects Multiple Vendors
CVE-2007-5116

Currently unrated

Key Information:

Vendor

Larry Wall

Status
Perl
Mandrake Multi Network Firewall
Openpkg
Enterprise Linux
Vendor
CVE Published:
7 November 2007

What is CVE-2007-5116?

The vulnerability arises due to a buffer overflow in the polymorphic opcode support of the Regular Expression Engine found in Perl version 5.8. Attackers exploiting this flaw can manipulate regular expressions by switching between byte and Unicode (UTF) characters. This could ultimately enable the execution of arbitrary code within the context of the affected Perl application, leading to potential system compromise.

References

http://secunia.com/advisories/27479
third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2007/dsa-1400
vendor-advisoryx_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=120352263023774&w=2
vendor-advisoryx_refsource_HP

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.