CVE-2011-1487

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Score Percentile: 88%

Affected Products (NVD)

Vendor | Product | Version
perl | perl | 5.10.0
perl | perl | 5.10.0:rc1
perl | perl | 5.10.0:rc2
perl | perl | 5.10.1
perl | perl | 5.10.1:rc1
perl | perl | 5.10.1:rc2
perl | perl | 5.13.0
perl | perl | 5.13.1
perl | perl | 5.13.2
perl | perl | 5.13.3
perl | perl | 5.13.4
perl | perl | 5.13.5
perl | perl | 5.13.6
perl | perl | 5.13.7
perl | perl | 5.13.8
perl | perl | 5.13.9
perl | perl | 5.13.10
perl | perl | 5.13.11
perl | perl | 5.11.0
perl | perl | 5.11.1
perl | perl | 5.11.2
perl | perl | 5.11.3
perl | perl | 5.11.4
perl | perl | 5.11.5
perl | perl | 5.12.0
perl | perl | 5.12.0:rc0
perl | perl | 5.12.0:rc1
perl | perl | 5.12.0:rc2
perl | perl | 5.12.0:rc3
perl | perl | 5.12.0:rc4
perl | perl | 5.12.0:rc5
perl | perl | 5.12.1
perl | perl | 5.12.1:rc1
perl | perl | 5.12.1:rc2
perl | perl | 5.12.2
perl | perl | 5.12.2:rc1
perl | perl | 5.12.3
perl | perl | 5.12.3:rc1
perl | perl | 5.12.3:rc2
perl | perl | 5.12.3:rc3

Debian Releases

Debian Product | Codename | Version | Status
perl | bookworm | 5.36.0-7+deb12u1 | fixed
perl | bullseye | 5.32.1-4+deb11u3 | fixed
perl | bullseye (security) | 5.32.1-4+deb11u4 | fixed
perl | sid | 5.40.0-6 | fixed
perl | trixie | 5.40.0-6 | fixed

Ubuntu Releases

Ubuntu Product | Codename | Version | Status
perl | dapper | | not-affected
perl | hardy | | not-affected
perl | karmic | | ignored
perl | lucid | Fixed 5.10.1-8ubuntu2.1 | released
perl | maverick | Fixed 5.10.1-12ubuntu2.1 | released
perl | natty | Fixed 5.10.1-17ubuntu4.1 | released

Red Hat Enterprise Linux Releases

Red Hat Product | Release | Version | Status
perl | RHEL 6 | 4:5.10.1-119.el6 | fixed
perl-Archive-Extract | RHEL 6 | 1:0.38-119.el6 | fixed
perl-Archive-Tar | RHEL 6 | 0:1.58-119.el6 | fixed
perl-CGI | RHEL 6 | 0:3.51-119.el6 | fixed
perl-CPAN | RHEL 6 | 0:1.9402-119.el6 | fixed
perl-CPANPLUS | RHEL 6 | 0:0.88-119.el6 | fixed
perl-Compress-Raw-Zlib | RHEL 6 | 0:2.023-119.el6 | fixed
perl-Compress-Zlib | RHEL 6 | 0:2.020-119.el6 | fixed
perl-Digest-SHA | RHEL 6 | 1:5.47-119.el6 | fixed
perl-ExtUtils-CBuilder | RHEL 6 | 1:0.27-119.el6 | fixed
perl-ExtUtils-Embed | RHEL 6 | 0:1.28-119.el6 | fixed
perl-ExtUtils-MakeMaker | RHEL 6 | 0:6.55-119.el6 | fixed
perl-ExtUtils-ParseXS | RHEL 6 | 1:2.2003.0-119.el6 | fixed
perl-File-Fetch | RHEL 6 | 0:0.26-119.el6 | fixed
perl-IO-Compress-Base | RHEL 6 | 0:2.020-119.el6 | fixed
perl-IO-Compress-Zlib | RHEL 6 | 0:2.020-119.el6 | fixed
perl-IO-Zlib | RHEL 6 | 1:1.09-119.el6 | fixed
perl-IPC-Cmd | RHEL 6 | 1:0.56-119.el6 | fixed
perl-Locale-Maketext-Simple | RHEL 6 | 1:0.18-119.el6 | fixed
perl-Log-Message | RHEL 6 | 1:0.02-119.el6 | fixed
perl-Log-Message-Simple | RHEL 6 | 0:0.04-119.el6 | fixed
perl-Module-Build | RHEL 6 | 1:0.3500-119.el6 | fixed
perl-Module-CoreList | RHEL 6 | 0:2.18-119.el6 | fixed
perl-Module-Load | RHEL 6 | 1:0.16-119.el6 | fixed
perl-Module-Load-Conditional | RHEL 6 | 0:0.30-119.el6 | fixed
perl-Module-Loaded | RHEL 6 | 1:0.02-119.el6 | fixed
perl-Module-Pluggable | RHEL 6 | 1:3.90-119.el6 | fixed
perl-Object-Accessor | RHEL 6 | 1:0.34-119.el6 | fixed
perl-Package-Constants | RHEL 6 | 1:0.02-119.el6 | fixed
perl-Params-Check | RHEL 6 | 1:0.26-119.el6 | fixed
perl-Parse-CPAN-Meta | RHEL 6 | 1:1.40-119.el6 | fixed
perl-Pod-Escapes | RHEL 6 | 1:1.04-119.el6 | fixed
perl-Pod-Simple | RHEL 6 | 1:3.13-119.el6 | fixed
perl-Term-UI | RHEL 6 | 0:0.20-119.el6 | fixed
perl-Test-Harness | RHEL 6 | 0:3.17-119.el6 | fixed
perl-Test-Simple | RHEL 6 | 0:0.92-119.el6 | fixed
perl-Time-HiRes | RHEL 6 | 4:1.9721-119.el6 | fixed
perl-Time-Piece | RHEL 6 | 0:1.15-119.el6 | fixed
perl-core | RHEL 6 | 0:5.10.1-119.el6 | fixed
perl-devel | RHEL 6 | 4:5.10.1-119.el6 | fixed
perl-libs | RHEL 6 | 4:5.10.1-119.el6 | fixed
perl-parent | RHEL 6 | 1:0.221-119.el6 | fixed
perl-suidperl | RHEL 6 | 4:5.10.1-119.el6 | fixed
perl-version | RHEL 6 | 3:0.77-119.el6 | fixed