CVE-2013-1667

high

Description

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

http://marc.info/?l=bugtraq&m=137891988921058&w=2

http://osvdb.org/90892

http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5

http://perl5.git.perl.org/perl.git/commitdiff/9d83adc

http://perl5.git.perl.org/perl.git/commitdiff/d59e31f

http://rhn.redhat.com/errata/RHSA-2013-0685.html

http://secunia.com/advisories/52472

http://secunia.com/advisories/52499

http://www.debian.org/security/2013/dsa-2641

http://www.mandriva.com/security/advisories?name=MDVSA-2013:113

http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/58311

http://www.ubuntu.com/usn/USN-1770-1

https://bugzilla.redhat.com/show_bug.cgi?id=912276

https://exchange.xforce.ibmcloud.com/vulnerabilities/82598

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094

Details

Source: MITRE

Published: 2013-03-14

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*

cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 91752 | OracleVM 3.2 : perl (OVMSA-2016-0076) | Nessus | OracleVM Local Security Checks | high |
| 85945 | F5 Networks BIG-IP : Perl vulnerabilities (K15867) | Nessus | F5 Networks Local Security Checks | high |
| 80729 | Oracle Solaris Third-Party Patch Update : perl-58 (cve_2013_1667_denial_of) | Nessus | Solaris Local Security Checks | high |
| 80728 | Oracle Solaris Third-Party Patch Update : perl-516 (cve_2013_1667_denial_of2) | Nessus | Solaris Local Security Checks | high |
| 80726 | Oracle Solaris Third-Party Patch Update : perl-512 (cve_2013_1667_denial_of1) | Nessus | Solaris Local Security Checks | high |
| 74932 | openSUSE Security Update : perl (openSUSE-SU-2013:0497-1) | Nessus | SuSE Local Security Checks | high |
| 72033 | GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 70561 | Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | high |
| 69736 | Amazon Linux AMI : perl (ALAS-2013-177) | Nessus | Amazon Linux Local Security Checks | high |
| 68797 | Oracle Linux 5 / 6 : perl (ELSA-2013-0685) | Nessus | Oracle Linux Local Security Checks | high |
| 66125 | Mandriva Linux Security Advisory : perl (MDVSA-2013:113) | Nessus | Mandriva Local Security Checks | high |
| 65772 | Fedora 17 : perl-5.14.4-224.fc17 (2013-3673) | Nessus | Fedora Local Security Checks | high |
| 65715 | Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326) | Nessus | Scientific Linux Local Security Checks | high |
| 65698 | RHEL 5 / 6 : perl (RHSA-2013:0685) | Nessus | Red Hat Local Security Checks | high |
| 65694 | CentOS 5 / 6 : perl (CESA-2013:0685) | Nessus | CentOS Local Security Checks | high |
| 65647 | Fedora 18 : perl-5.16.2-240.fc18 (2013-3436) | Nessus | Fedora Local Security Checks | high |
| 65629 | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerability (USN-1770-1) | Nessus | Ubuntu Local Security Checks | high |
| 65552 | Slackware 13.1 / 13.37 / 14.0 / current : perl (SSA:2013-072-01) | Nessus | Slackware Local Security Checks | high |
| 65251 | SuSE 10 Security Update : Perl (ZYPP Patch Number 8479) | Nessus | SuSE Local Security Checks | high |
| 65249 | SuSE 11.2 Security Update : Perl (SAT Patch Number 7439) | Nessus | SuSE Local Security Checks | high |
| 65199 | FreeBSD : perl -- denial of service via algorithmic complexity attack on hashing routines (68c1f75b-8824-11e2-9996-c48508086173) | Nessus | FreeBSD Local Security Checks | high |
| 65178 | Debian DSA-2641-2 : perl - rehashing flaw | Nessus | Debian Local Security Checks | high |