Computer Security
[EN] securityvulns.ru no-pyccku


perl security vulnerabilities
Published:20.01.2012
Source:
SecurityVulns ID:12148
Type:library
Threat Level:
5/10
Description:It's possible to inject eval expression into digest module constructor. Off-by-one overflow in decode_xs.
Affected:PERL : perl 5.15
CVE:CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.)
 CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.)
Original documentdocumentMANDRIVA, [ MDVSA-2012:009 ] perl (20.01.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod