What is CVE-2012-6329?

CVE-2012-6329 is a vulnerability in Perl, classified under Code Injection. Published 2013-01-04.

Is CVE-2012-6329 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Perl

CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.820 (99.2th percentile) — read the EPSS interpretation.

Affected products

Perl — versions 5.10, 5.10.0, 5.10.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM)
MDVSA-2013:113 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM)
[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_CONFIRM)
[perl5-porters] 20121205 Re: security notice: Locale::Maketext (mailing-list, x_refsource_MLIST)
[oss-security] 20121211 Re: CVE request: perl-modules (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-6329?: CVE-2012-6329 is a vulnerability in Perl, classified under Code Injection. Published 2013-01-04.
Is CVE-2012-6329 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.