CVE-2011-1487

EUVD-2011-1490
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
perlperl
5.10.0
perlperl
5.10.0:rc1
perlperl
5.10.0:rc2
perlperl
5.10.1
perlperl
5.10.1:rc1
perlperl
5.10.1:rc2
perlperl
5.13.0
perlperl
5.13.1
perlperl
5.13.2
perlperl
5.13.3
perlperl
5.13.4
perlperl
5.13.5
perlperl
5.13.6
perlperl
5.13.7
perlperl
5.13.8
perlperl
5.13.9
perlperl
5.13.10
perlperl
5.13.11
perlperl
5.11.0
perlperl
5.11.1
perlperl
5.11.2
perlperl
5.11.3
perlperl
5.11.4
perlperl
5.11.5
perlperl
5.12.0
perlperl
5.12.0:rc0
perlperl
5.12.0:rc1
perlperl
5.12.0:rc2
perlperl
5.12.0:rc3
perlperl
5.12.0:rc4
perlperl
5.12.0:rc5
perlperl
5.12.1
perlperl
5.12.1:rc1
perlperl
5.12.1:rc2
perlperl
5.12.2
perlperl
5.12.2:rc1
perlperl
5.12.3
perlperl
5.12.3:rc1
perlperl
5.12.3:rc2
perlperl
5.12.3:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
perl
bookworm
5.36.0-7+deb12u1
fixed
bullseye
5.32.1-4+deb11u3
fixed
bullseye (security)
5.32.1-4+deb11u4
fixed
sid
5.40.0-6
fixed
trixie
5.40.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
perl
dapper
not-affected
hardy
not-affected
karmic
ignored
lucid
Fixed 5.10.1-8ubuntu2.1
released
maverick
Fixed 5.10.1-12ubuntu2.1
released
natty
Fixed 5.10.1-17ubuntu4.1
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
http://www.debian.org/security/2011/dsa-2265
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
http://www.securityfocus.com/bid/47124
https://bugzilla.redhat.com/show_bug.cgi?id=692844
https://bugzilla.redhat.com/show_bug.cgi?id=692898
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
http://www.debian.org/security/2011/dsa-2265
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
http://www.securityfocus.com/bid/47124
https://bugzilla.redhat.com/show_bug.cgi?id=692844
https://bugzilla.redhat.com/show_bug.cgi?id=692898
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528