CVE-2013-7422

high
Description

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

References

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06

http://www.securityfocus.com/bid/75704

http://www.ubuntu.com/usn/USN-2916-1

https://security.gentoo.org/glsa/201507-11

https://support.apple.com/kb/HT205031

Details

Source: MITRE

Published: 2015-08-16

Updated: 2016-12-22

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.4 (inclusive)

Configuration 2

OR

cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 135638 | EulerOS Virtualization 3.0.2.2 : perl (EulerOS-SA-2020-1476) | Nessus | Huawei Local Security Checks | high |
| 134485 | EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1196) | Nessus | Huawei Local Security Checks | high |
| 132183 | EulerOS 2.0 SP3 : perl (EulerOS-SA-2019-2648) | Nessus | Huawei Local Security Checks | high |
| 131911 | EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419) | Nessus | Huawei Local Security Checks | high |
| 130682 | EulerOS 2.0 SP5 : perl (EulerOS-SA-2019-2220) | Nessus | Huawei Local Security Checks | high |
| 89100 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : perl vulnerabilities (USN-2916-1) | Nessus | Ubuntu Local Security Checks | high |
| 8981 | Mac OS X < 10.10.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
| 86082 | GLSA-201507-11 : Perl: Denial of Service | Nessus | Gentoo Local Security Checks | high |
| 85408 | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |