CVE - CVE-2007-5116

CVE-ID
CVE-2007-5116	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IZ10220 URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220 AIXAPAR:IZ10244 URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244 APPLE:APPLE-SA-2007-12-17 URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html BID:26350 URL:http://www.securityfocus.com/bid/26350 BUGTRAQ:20071110 FLEA-2007-0063-1 perl URL:http://www.securityfocus.com/archive/1/483563/100/0/threaded BUGTRAQ:20071112 FLEA-2007-0069-1 perl URL:http://www.securityfocus.com/archive/1/483584/100/0/threaded BUGTRAQ:20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages URL:http://www.securityfocus.com/archive/1/485936/100/0/threaded BUGTRAQ:20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages URL:http://www.securityfocus.com/archive/1/486859/100/0/threaded CERT:TA07-352A URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html CONFIRM:ftp://aix.software.ibm.com/aix/efixes/security/README CONFIRM:http://docs.info.apple.com/article.html?artnum=307179 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm CONFIRM:http://www.ipcop.org/index.php?name=News&file=article&sid=41 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0001.html CONFIRM:https://issues.rpath.com/browse/RPL-1813 DEBIAN:DSA-1400 URL:http://www.debian.org/security/2007/dsa-1400 GENTOO:GLSA-200711-28 URL:http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml HP:HPSBTU02311 URL:http://marc.info/?l=bugtraq&m=120352263023774&w=2 HP:SSRT080001 URL:http://marc.info/?l=bugtraq&m=120352263023774&w=2 MANDRIVA:MDKSA-2007:207 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:207 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=323571 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=378131 MLIST:[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages URL:http://lists.vmware.com/pipermail/security-announce/2008/000002.html OPENPKG:OpenPKG-SA-2007.023 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html OVAL:oval:org.mitre.oval:def:10669 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669 REDHAT:RHSA-2007:0966 URL:http://www.redhat.com/support/errata/RHSA-2007-0966.html REDHAT:RHSA-2007:1011 URL:http://www.redhat.com/support/errata/RHSA-2007-1011.html SECTRACK:1018899 URL:http://securitytracker.com/id?1018899 SECUNIA:27479 URL:http://secunia.com/advisories/27479 SECUNIA:27515 URL:http://secunia.com/advisories/27515 SECUNIA:27531 URL:http://secunia.com/advisories/27531 SECUNIA:27546 URL:http://secunia.com/advisories/27546 SECUNIA:27548 URL:http://secunia.com/advisories/27548 SECUNIA:27570 URL:http://secunia.com/advisories/27570 SECUNIA:27613 URL:http://secunia.com/advisories/27613 SECUNIA:27756 URL:http://secunia.com/advisories/27756 SECUNIA:27936 URL:http://secunia.com/advisories/27936 SECUNIA:28167 URL:http://secunia.com/advisories/28167 SECUNIA:28368 URL:http://secunia.com/advisories/28368 SECUNIA:28387 URL:http://secunia.com/advisories/28387 SECUNIA:28993 URL:http://secunia.com/advisories/28993 SECUNIA:29074 URL:http://secunia.com/advisories/29074 SECUNIA:31208 URL:http://secunia.com/advisories/31208 SUNALERT:1018985 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1 SUNALERT:231524 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1 SUNALERT:31524 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1 SUSE:SUSE-SR:2007:024 URL:http://www.novell.com/linux/security/advisories/2007_24_sr.html UBUNTU:USN-552-1 URL:http://www.ubuntu.com/usn/usn-552-1 VUPEN:ADV-2007-3724 URL:http://www.vupen.com/english/advisories/2007/3724 VUPEN:ADV-2007-4238 URL:http://www.vupen.com/english/advisories/2007/4238 VUPEN:ADV-2007-4255 URL:http://www.vupen.com/english/advisories/2007/4255 VUPEN:ADV-2008-0064 URL:http://www.vupen.com/english/advisories/2008/0064 VUPEN:ADV-2008-0641 URL:http://www.vupen.com/english/advisories/2008/0641 XF:perl-unicode-bo(38270) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38270
Assigning CNA
MITRE Corporation
Date Record Created
20070927	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070927)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)