Computer Security
[EN] no-pyccku

perl multiple security vulnerabilities
SecurityVulns ID:12731
Threat Level:
Description:Buffer overflow in decode_xs, Digest constructor buffer veorflow, x operator buffer overflow, headers injection.
Affected:PERL : perl 5.15
CVE:CVE-2012-5526 ( module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use
 CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.)
 CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.)
 CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.)
Original documentdocumentUBUNTU, [USN-1643-1] Perl vulnerabilities (02.12.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod