CVE - CVE-2011-1487

CVE-ID
CVE-2011-1487	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:43921 URL:http://secunia.com/advisories/43921 MISC:44168 URL:http://secunia.com/advisories/44168 MISC:47124 URL:http://www.securityfocus.com/bid/47124 MISC:DSA-2265 URL:http://www.debian.org/security/2011/dsa-2265 MISC:FEDORA-2011-4610 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html MISC:FEDORA-2011-4631 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html MISC:MDVSA-2011:091 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:091~~ (Obsolete source) MISC:SUSE-SR:2011:009 URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html MISC:[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data URL:http://openwall.com/lists/oss-security/2011/04/01/3 MISC:[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data URL:http://openwall.com/lists/oss-security/2011/04/04/35 MISC:http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 URL:http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 MISC:http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 URL:http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=692844 URL:https://bugzilla.redhat.com/show_bug.cgi?id=692844 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=692898 URL:https://bugzilla.redhat.com/show_bug.cgi?id=692898 MISC:perl-laundering-security-bypass(66528) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
Assigning CNA
Red Hat, Inc.
Date Record Created
20110321	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110321)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.