CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:N/A:P |

EPSS Score
Percentile: 90%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| perl | perl | 5.10 |
| perl | perl | 5.12.0 |
| perl | perl | 5.14.0 |

Debian Releases
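
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| perl | bookworm | 5.36.0-7+deb12u1 | fixed |
| perl | bullseye | 5.32.1-4+deb11u3 | fixed |
| perl | bullseye (security) | 5.32.1-4+deb11u4 | fixed |
| perl | sid | 5.40.0-6 | fixed |
| perl | trixie | 5.40.0-6 | fixed |
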
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| perl | hardy | ignored |
| perl | lucid | ignored |
| perl | maverick | ignored |
| perl | natty | ignored |
| perl | oneiric | ignored |

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| perl | suse enterprise desktop 15 | 5.26.1-5.41 | fixed |
| perl | suse enterprise desktop 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl | suse enterprise sap 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl | suse enterprise sap 15 | 5.26.1-5.41 | fixed |
| perl | suse enterprise sap 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl | suse enterprise server 12 | 5.18.2-3.7 | fixed |
| perl | suse enterprise server 12 SP1 | 5.18.2-3.7 | fixed |
| perl | suse enterprise server 12 SP2 | 5.18.2-11.1 | fixed |
| perl | suse enterprise server 12 SP3 | 5.18.2-11.1 | fixed |
| perl | suse enterprise server 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl | suse enterprise server 15 | 5.26.1-5.41 | fixed |
| perl | suse enterprise server 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-32bit | suse enterprise sap 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl-32bit | suse enterprise server 12 | 5.18.2-3.7 | fixed |
| perl-32bit | suse enterprise server 12 SP1 | 5.18.2-3.7 | fixed |
| perl-32bit | suse enterprise server 12 SP2 | 5.18.2-11.1 | fixed |
| perl-32bit | suse enterprise server 12 SP3 | 5.18.2-11.1 | fixed |
| perl-32bit | suse enterprise server 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl-base | suse enterprise desktop 15 | 5.26.1-5.41 | fixed |
| perl-base | suse enterprise desktop 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-base | suse enterprise sap 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl-base | suse enterprise sap 15 | 5.26.1-5.41 | fixed |
| perl-base | suse enterprise sap 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-base | suse enterprise server 12 | 5.18.2-3.7 | fixed |
| perl-base | suse enterprise server 12 SP1 | 5.18.2-3.7 | fixed |
| perl-base | suse enterprise server 12 SP2 | 5.18.2-11.1 | fixed |
| perl-base | suse enterprise server 12 SP3 | 5.18.2-11.1 | fixed |
| perl-base | suse enterprise server 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl-base | suse enterprise server 15 | 5.26.1-5.41 | fixed |
| perl-base | suse enterprise server 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-base-32bit | suse enterprise desktop 15 | 5.26.1-5.41 | fixed |
| perl-base-32bit | suse enterprise desktop 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-base-32bit | suse enterprise sap 15 | 5.26.1-5.41 | fixed |
| perl-base-32bit | suse enterprise sap 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-base-32bit | suse enterprise server 15 | 5.26.1-5.41 | fixed |
| perl-base-32bit | suse enterprise server 15 SP1 | 5.26.1-7.6.1 | fixed |
| perl-doc | suse enterprise sap 12 SP5 | 5.18.2-12.20.1 | fixed |
| perl-doc | suse enterprise server 12 | 5.18.2-3.7 | fixed |
| perl-doc | suse enterprise server 12 SP1 | 5.18.2-3.7 | fixed |
| perl-doc | suse enterprise server 12 SP2 | 5.18.2-11.1 | fixed |
| perl-doc | suse enterprise server 12 SP3 | 5.18.2-11.1 | fixed |
| perl-doc | suse enterprise server 12 SP5 | 5.18.2-12.20.1 | fixed |