CVE - CVE-2005-3962

CVE-ID
CVE-2005-3962	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:102192 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1~~ (Obsolete source) MISC:15629 URL:http://www.securityfocus.com/bid/15629 MISC:17762 URL:http://secunia.com/advisories/17762 MISC:17802 URL:http://secunia.com/advisories/17802 MISC:17844 URL:http://secunia.com/advisories/17844 MISC:17941 URL:http://secunia.com/advisories/17941 MISC:17952 URL:http://secunia.com/advisories/17952 MISC:17993 URL:http://secunia.com/advisories/17993 MISC:18075 URL:http://secunia.com/advisories/18075 MISC:18183 URL:http://secunia.com/advisories/18183 MISC:18187 URL:http://secunia.com/advisories/18187 MISC:18295 URL:http://secunia.com/advisories/18295 MISC:18413 URL:http://secunia.com/advisories/18413 MISC:18517 URL:http://secunia.com/advisories/18517 MISC:19041 URL:http://secunia.com/advisories/19041 MISC:20051201 Perl format string integer wrap vulnerability URL:http://marc.info/?l=full-disclosure&m=113342788118630&w=2 MISC:20051201 Perl format string integer wrap vulnerability URL:http://www.securityfocus.com/archive/1/418333/100/0/threaded MISC:20060101-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U MISC:20894 URL:http://secunia.com/advisories/20894 MISC:21345 URL:~~http://www.osvdb.org/21345~~ (Obsolete source) MISC:22255 URL:~~http://www.osvdb.org/22255~~ (Obsolete source) MISC:23155 URL:http://secunia.com/advisories/23155 MISC:31208 URL:http://secunia.com/advisories/31208 MISC:ADV-2005-2688 URL:~~http://www.vupen.com/english/advisories/2005/2688~~ (Obsolete source) MISC:ADV-2006-0771 URL:~~http://www.vupen.com/english/advisories/2006/0771~~ (Obsolete source) MISC:ADV-2006-2613 URL:~~http://www.vupen.com/english/advisories/2006/2613~~ (Obsolete source) MISC:ADV-2006-4750 URL:~~http://www.vupen.com/english/advisories/2006/4750~~ (Obsolete source) MISC:APPLE-SA-2006-11-28 URL:http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html MISC:CLSA-2006:1056 URL:~~http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056~~ (Obsolete source - check if archived by the Wayback Machine) MISC:DSA-943 URL:http://www.debian.org/security/2006/dsa-943 MISC:FLSA-2006:176731 URL:https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html MISC:GLSA-200512-01 URL:http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml MISC:HPSBTU02125 URL:http://www.securityfocus.com/archive/1/438726/100/0/threaded MISC:MDKSA-2005:225 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:225~~ (Obsolete source) MISC:OpenPKG-SA-2005.025 URL:http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html MISC:RHSA-2005:880 URL:http://www.redhat.com/support/errata/RHSA-2005-880.html MISC:RHSA-2005:881 URL:http://www.redhat.com/support/errata/RHSA-2005-881.html MISC:SSRT061105 URL:http://www.securityfocus.com/archive/1/438726/100/0/threaded MISC:SUSE-SA:2005:071 URL:http://www.novell.com/linux/security/advisories/2005_71_perl.html MISC:SUSE-SR:2005:029 URL:http://www.novell.com/linux/security/advisories/2005_29_sr.html MISC:TA06-333A URL:http://www.us-cert.gov/cas/techalerts/TA06-333A.html MISC:TSLSA-2005-0070 URL:~~http://www.trustix.org/errata/2005/0070~~ (Obsolete source - check if archived by the Wayback Machine) MISC:USN-222-1 URL:https://usn.ubuntu.com/222-1/ MISC:VU#948385 URL:http://www.kb.cert.org/vuls/id/948385 MISC:[3.7] 20060105 007: SECURITY FIX: January 5, 2006 URL:http://www.openbsd.org/errata37.html#perl MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch URL:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch URL:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch MISC:http://docs.info.apple.com/article.html?artnum=304829 URL:http://docs.info.apple.com/article.html?artnum=304829 MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm MISC:http://www.dyadsecurity.com/perl-0002.html URL:http://www.dyadsecurity.com/perl-0002.html MISC:http://www.ipcop.org/index.php?name=News&file=article&sid=41 URL:http://www.ipcop.org/index.php?name=News&file=article&sid=41 MISC:oval:org.mitre.oval:def:10598 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 MISC:oval:org.mitre.oval:def:1074 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Assigning CNA
Red Hat, Inc.
Date Record Created
20051201	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051201)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)