Upstream information
Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.6 |
Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SA:2005:071, published Tue, 20 Dec 2005 16:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Micro 6.0 |
| Patchnames: SUSE Linux Micro 6.0 GA perl-5.38.2-1.52 |
SUSE Linux Micro 6.1 |
| Patchnames: SUSE Linux Micro 6.1 GA perl-5.38.2-slfo.1.1_1.4 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11158 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:33:29 2013CVE page last modified: Tue Dec 17 16:12:52 2024