CVE-2010-4777
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
| Software | From | Fixed in |
|---|---|---|
| perl / perl | 5.10 | 5.10.x |
| perl / perl | 5.14.0 | 5.14.0.x |
| perl / perl | 5.12.0 | 5.12.0.x |
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
- http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
- https://bugzilla.redhat.com/show_bug.cgi?id=694166
- https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
- https://rt.perl.org/Public/Bug/Display.html?id=76538
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime