CVE-2004-2022

ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2022
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
activestate / activeperl	5.7.2	5.7.2.x
activestate / activeperl	5.6.2	5.6.2.x
activestate / activeperl	5.6.3	5.6.3.x
activestate / activeperl	5.6.1	5.6.1.x
activestate / activeperl	5.7.1	5.7.1.x
activestate / activeperl	5.7.3	5.7.3.x
activestate / activeperl	5.8	5.8.x
activestate / activeperl	5.6.1.630	5.6.1.630.x

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html
http://marc.info/?l=bugtraq&m=108489894009025&w=2
http://marc.info/?l=full-disclosure&m=108482796105922&w=2
http://marc.info/?l=full-disclosure&m=108483058514596&w=2
http://marc.info/?l=full-disclosure&m=108489112131099&w=2
http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
http://www.perlmonks.org/index.pl?node_id=354145
http://www.securityfocus.com/bid/10375
https://exchange.xforce.ibmcloud.com/vulnerabilities/16169

Vulnerability Database

289,697

CVE-2004-2022