CVE-2004-2286

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2286
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
activestate / activeperl	5.7.2	5.7.2.x
larry_wall / perl	5.6	5.6.x
larry_wall / perl	5.8.0	5.8.0.x
larry_wall / perl	5.4	5.4.x
activestate / activeperl	5.6.2	5.6.2.x
activestate / activeperl	5.6.3	5.6.3.x
larry_wall / perl	5.5	5.5.x
activestate / activeperl	5.8.3	5.8.3.x
activestate / activeperl	5.6.1	5.6.1.x
activestate / activeperl	5.7.1	5.7.1.x
larry_wall / perl	5.6.1	5.6.1.x
activestate / activeperl	5.7.3	5.7.3.x
larry_wall / perl	5.5.3	5.5.3.x
larry_wall / perl	5.3	5.3.x
activestate / activeperl	5.8	5.8.x
larry_wall / perl	5.8.1	5.8.1.x
larry_wall / perl	5.4.5	5.4.5.x
activestate / activeperl	5.8.1	5.8.1.x
larry_wall / perl	5.8.3	5.8.3.x
activestate / activeperl	5.6.1.630	5.6.1.630.x

Vulnerability Database

289,697

CVE-2004-2286