Vulnerability Details : CVE-2010-4777
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4777
Probability of exploitation activity in the next 30 days: 0.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~74%
CVSS scores for CVE-2010-4777
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST
CWE ids for CVE-2010-4777
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4777
- https://rt.perl.org/Public/Bug/Display.html?id=76538
  Bug #76538 for perl5: Assertion failed: (rx->sublen >= (s - rx->subbeg) + i), function Perl_reg_numbered_buff_fetch
- http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
  openSUSE-SU-2011:0479-1 (moderate): perl security update
- https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
  [Postfixbuch-users] proxy-reject: END-OF-MESSAGE: 451 4.3.0 Error: queue file write error
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:009
- https://bugzilla.redhat.com/show_bug.cgi?id=694166
  694166 - (CVE-2010-4777) CVE-2010-4777 perl: assertion failure with certain regular expressions
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
  #628836 - perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions - Debian Bug report logs
- http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
  Ocsinventory Q&A
Products affected by CVE-2010-4777
- cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*