Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
Max CVSS
7.5
EPSS Score
3.23%
Published
2007-11-07
Updated
2018-10-15
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
Max CVSS
7.2
EPSS Score
0.06%
Published
2005-12-16
Updated
2013-10-24
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-07
Updated
2018-08-13
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-02
Updated
2018-08-13
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.
Max CVSS
7.5
EPSS Score
2.37%
Published
2004-12-31
Updated
2017-07-11
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2017-10-11
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
Max CVSS
2.6
EPSS Score
0.04%
Published
2004-12-21
Updated
2017-10-11
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
Max CVSS
10.0
EPSS Score
3.49%
Published
2004-05-04
Updated
2017-07-11
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
Max CVSS
5.0
EPSS Score
0.24%
Published
2003-12-31
Updated
2008-09-05
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-10-20
Updated
2008-09-10
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
Max CVSS
5.5
EPSS Score
0.04%
Published
1999-12-31
Updated
2024-01-26
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
Max CVSS
7.2
EPSS Score
0.05%
Published
1997-05-29
Updated
2022-08-17
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!