Buffer overflow in Larry_wall Perl

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular express…

Vulnerability class: Buffer Overflow

EPSS: 0.048 (90.8th percentile) — read the EPSS interpretation.

Affected products

Larry_wall Perl — versions 5.8.0, 5.8.1, 5.8.3
Mandrakesoft Mandrake_linux — versions 2007, 2007.1, 2008.0
Mandrakesoft Mandrake_linux_corporate_server — versions 3.0, 4.0
Mandrakesoft Mandrake_multi_network_firewall — versions 2.0
Openpkg — versions current
Rpath Rpath_linux — versions 1
Debian Debian_linux — versions 3.1, 4.0
Redhat Enterprise_linux — versions 3.0, 4.0, 5.0
Redhat Enterprise_linux_desktop — versions 3.0, 4.0
Redhat Linux_advanced_workstation — versions 2.1

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_HP, vendor-advisory)
cve@mitre.org (vdb-entry, x_refsource_VUPEN)
cve@mitre.org (US Government Resource, x_refsource_CERT, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_AIXAPAR)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_AIXAPAR)