CVE-2013-7422

HIGH

Description

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

References

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06

http://www.securityfocus.com/bid/75704

http://www.ubuntu.com/usn/USN-2916-1

https://security.gentoo.org/glsa/201507-11

https://support.apple.com/kb/HT205031

Details

Source: MITRE

Published: 2015-08-16

Updated: 2016-12-22

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.4 (inclusive)

Configuration 2

OR

cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135638 | EulerOS Virtualization 3.0.2.2 : perl (EulerOS-SA-2020-1476) | Nessus | Huawei Local Security Checks | high |
| 134485 | EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1196) | Nessus | Huawei Local Security Checks | high |
| 132183 | EulerOS 2.0 SP3 : perl (EulerOS-SA-2019-2648) | Nessus | Huawei Local Security Checks | high |
| 131911 | EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419) | Nessus | Huawei Local Security Checks | high |
| 130682 | EulerOS 2.0 SP5 : perl (EulerOS-SA-2019-2220) | Nessus | Huawei Local Security Checks | high |
| 89100 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : perl vulnerabilities (USN-2916-1) | Nessus | Ubuntu Local Security Checks | high |
| 8981 | Mac OS X < 10.10.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
| 86082 | GLSA-201507-11 : Perl: Denial of Service | Nessus | Gentoo Local Security Checks | high |
| 85408 | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |