CVE-2012-5195

high

Description

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44

http://rhn.redhat.com/errata/RHSA-2013-0685.html

http://secunia.com/advisories/51457

http://secunia.com/advisories/55314

http://www.debian.org/security/2012/dsa-2586

http://www.mandriva.com/security/advisories?name=MDVSA-2013:113

http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html

http://www.openwall.com/lists/oss-security/2012/10/26/2

http://www.openwall.com/lists/oss-security/2012/10/27/1

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/56287

http://www.ubuntu.com/usn/USN-1643-1

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352

Details

Source: MITRE

Published: 2012-12-18

Updated: 2016-12-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 91752 | OracleVM 3.2 : perl (OVMSA-2016-0076) | Nessus | OracleVM Local Security Checks | high |
| 85945 | F5 Networks BIG-IP : Perl vulnerabilities (K15867) | Nessus | F5 Networks Local Security Checks | high |
| 80734 | Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5195_buffer_errors) | Nessus | Solaris Local Security Checks | high |
| 80727 | Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer) | Nessus | Solaris Local Security Checks | high |
| 72033 | GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 69736 | Amazon Linux AMI : perl (ALAS-2013-177) | Nessus | Amazon Linux Local Security Checks | high |
| 68797 | Oracle Linux 5 / 6 : perl (ELSA-2013-0685) | Nessus | Oracle Linux Local Security Checks | high |
| 66125 | Mandriva Linux Security Advisory : perl (MDVSA-2013:113) | Nessus | Mandriva Local Security Checks | high |
| 65715 | Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326) | Nessus | Scientific Linux Local Security Checks | high |
| 65698 | RHEL 5 / 6 : perl (RHSA-2013:0685) | Nessus | Red Hat Local Security Checks | high |
| 65694 | CentOS 5 / 6 : perl (CESA-2013:0685) | Nessus | CentOS Local Security Checks | high |
| 64279 | Mandriva Linux Security Advisory : perl (MDVSA-2013:005) | Nessus | Mandriva Local Security Checks | high |
| 63270 | Debian DSA-2586-1 : perl - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 63109 | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1) | Nessus | Ubuntu Local Security Checks | high |