CVE-2005-3962 - Vulnerability Details

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Perl	Perl
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:perl:perl:5.8.6:::::::*
	cpe:2.3:a:perl:perl:5.9.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
perl-2:5.8.0-90.4	cpe:/o:redhat:enterprise_linux:3	RHSA-2005:881	2005-12-20T00:00:00Z
Red Hat Enterprise Linux 4
perl-3:5.8.5-24.RHEL4	cpe:/o:redhat:enterprise_linux:4	RHSA-2005:880	2005-12-20T00:00:00Z

References

Link	Providers
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://secunia.com/advisories/17762
http://secunia.com/advisories/17802
http://secunia.com/advisories/17844
http://secunia.com/advisories/17941
http://secunia.com/advisories/17952
http://secunia.com/advisories/17993
http://secunia.com/advisories/18075
http://secunia.com/advisories/18183
http://secunia.com/advisories/18187
http://secunia.com/advisories/18295
http://secunia.com/advisories/18413
http://secunia.com/advisories/18517
http://secunia.com/advisories/19041
http://secunia.com/advisories/20894
http://secunia.com/advisories/23155
http://secunia.com/advisories/31208
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2006/dsa-943
http://www.dyadsecurity.com/perl-0002.html
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.kb.cert.org/vuls/id/948385
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.osvdb.org/21345
http://www.osvdb.org/22255
http://www.redhat.com/support/errata/RHSA-2005-880.html
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://www.securityfocus.com/archive/1/418333/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/bid/15629
http://www.trustix.org/errata/2005/0070
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613
http://www.vupen.com/english/advisories/2006/4750
https://nvd.nist.gov/vuln/detail/CVE-2005-3962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
https://usn.ubuntu.com/222-1/
https://www.cve.org/CVERecord?id=CVE-2005-3962
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-12-01T17:00:00

Updated: 2024-08-07T23:31:48.716Z

Reserved: 2005-12-01T00:00:00

Link: CVE-2005-3962

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-12-01T17:03:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-3962

Redhat

Severity : Moderate

Publid Date: 2005-12-01T00:00:00Z

Links: CVE-2005-3962 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2006-4750", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "oval:org.mitre.oval:def:1074", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074"}, {"name": "VU#948385", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/948385"}, {"name": "22255", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22255"}, {"name": "17941", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17941"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"}, {"name": "20051201 Perl format string integer wrap vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded"}, {"name": "HPSBTU02125", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"name": "20051201 Perl format string integer wrap vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=113342788118630&w=2"}, {"name": "ADV-2005-2688", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2688"}, {"tags": ["x_refsource_MISC"], "url": "http://www.dyadsecurity.com/perl-0002.html"}, {"name": "21345", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21345"}, {"name": "15629", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15629"}, {"name": "RHSA-2005:881", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "oval:org.mitre.oval:def:10598", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598"}, {"name": "DSA-943", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-943"}, {"name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata37.html#perl"}, {"name": "17993", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17993"}, {"name": "18075", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18075"}, {"name": "FLSA-2006:176731", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html"}, {"name": "CLSA-2006:1056", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"}, {"name": "OpenPKG-SA-2005.025", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html"}, {"name": "SSRT061105", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"name": "ADV-2006-0771", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0771"}, {"name": "20060101-01-U", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"}, {"name": "20894", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20894"}, {"name": "USN-222-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/222-1/"}, {"name": "ADV-2006-2613", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2613"}, {"name": "18413", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18413"}, {"name": "23155", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23155"}, {"name": "17762", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17762"}, {"name": "18187", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18187"}, {"name": "TSLSA-2005-0070", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2005/0070"}, {"name": "18517", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18517"}, {"name": "18295", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18295"}, {"name": "SUSE-SA:2005:071", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html"}, {"name": "18183", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18183"}, {"name": "RHSA-2005:880", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"}, {"name": "APPLE-SA-2006-11-28", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "TA06-333A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"name": "102192", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"}, {"name": "17952", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17952"}, {"name": "MDKSA-2005:225", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch"}, {"name": "GLSA-200512-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"}, {"name": "31208", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31208"}, {"name": "17802", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17802"}, {"name": "SUSE-SR:2005:029", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html"}, {"name": "19041", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19041"}, {"name": "17844", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17844"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:31:48.716Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4750", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "oval:org.mitre.oval:def:1074", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074"}, {"name": "VU#948385", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/948385"}, {"name": "22255", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22255"}, {"name": "17941", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17941"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"}, {"name": "20051201 Perl format string integer wrap vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded"}, {"name": "HPSBTU02125", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"name": "20051201 Perl format string integer wrap vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=113342788118630&w=2"}, {"name": "ADV-2005-2688", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2688"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.dyadsecurity.com/perl-0002.html"}, {"name": "21345", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21345"}, {"name": "15629", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15629"}, {"name": "RHSA-2005:881", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "oval:org.mitre.oval:def:10598", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598"}, {"name": "DSA-943", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-943"}, {"name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata37.html#perl"}, {"name": "17993", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17993"}, {"name": "18075", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18075"}, {"name": "FLSA-2006:176731", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html"}, {"name": "CLSA-2006:1056", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"}, {"name": "OpenPKG-SA-2005.025", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html"}, {"name": "SSRT061105", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"name": "ADV-2006-0771", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0771"}, {"name": "20060101-01-U", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"}, {"name": "20894", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20894"}, {"name": "USN-222-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/222-1/"}, {"name": "ADV-2006-2613", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2613"}, {"name": "18413", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18413"}, {"name": "23155", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23155"}, {"name": "17762", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17762"}, {"name": "18187", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18187"}, {"name": "TSLSA-2005-0070", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2005/0070"}, {"name": "18517", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18517"}, {"name": "18295", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18295"}, {"name": "SUSE-SA:2005:071", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html"}, {"name": "18183", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18183"}, {"name": "RHSA-2005:880", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"}, {"name": "APPLE-SA-2006-11-28", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "TA06-333A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"name": "102192", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"}, {"name": "17952", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17952"}, {"name": "MDKSA-2005:225", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch"}, {"name": "GLSA-200512-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"}, {"name": "31208", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31208"}, {"name": "17802", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17802"}, {"name": "SUSE-SR:2005:029", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html"}, {"name": "19041", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19041"}, {"name": "17844", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17844"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-3962", "datePublished": "2005-12-01T17:00:00", "dateReserved": "2005-12-01T00:00:00", "dateUpdated": "2024-08-07T23:31:48.716Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications."}], "id": "CVE-2005-3962", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-01T17:03:00.000", "references": [{"source": "secalert@redhat.com", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch"}, {"source": "secalert@redhat.com", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"}, {"source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"}, {"source": "secalert@redhat.com", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"}, {"source": "secalert@redhat.com", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=full-disclosure&m=113342788118630&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17762"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17802"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17844"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17941"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17952"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17993"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18075"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18183"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18187"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18295"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18413"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18517"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19041"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20894"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23155"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31208"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-943"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dyadsecurity.com/perl-0002.html"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"}, {"source": "secalert@redhat.com", "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/948385"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html"}, {"source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata37.html#perl"}, {"source": "secalert@redhat.com", "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/21345"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/22255"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15629"}, {"source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2005/0070"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2005/2688"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/0771"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2613"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/222-1/"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=113342788118630&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17941"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-943"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dyadsecurity.com/perl-0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/948385"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata37.html#perl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2005/0070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/222-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2005:881", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "perl-2:5.8.0-90.4", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2005-12-20T00:00:00Z"}, {"advisory": "RHSA-2005:880", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "perl-3:5.8.5-24.RHEL4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2005-12-20T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617848"}, "csaw": false, "details": ["Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications."], "name": "CVE-2005-3962", "public_date": "2005-12-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2005-3962\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-3962"], "threat_severity": "Moderate"}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object