CVE-2013-1667

EUVD-2013-1694
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
perlperl
5.8.2
perlperl
5.8.3
perlperl
5.8.4
perlperl
5.8.5
perlperl
5.8.6
perlperl
5.8.7
perlperl
5.8.8
perlperl
5.8.9
perlperl
5.8.10
perlperl
5.10
perlperl
5.10.0
perlperl
5.10.0:rc1
perlperl
5.10.0:rc2
perlperl
5.10.1
perlperl
5.10.1:rc1
perlperl
5.10.1:rc2
perlperl
5.11.0
perlperl
5.11.1
perlperl
5.11.2
perlperl
5.11.3
perlperl
5.11.4
perlperl
5.11.5
perlperl
5.12.0
perlperl
5.12.0:rc0
perlperl
5.12.0:rc1
perlperl
5.12.0:rc2
perlperl
5.12.0:rc3
perlperl
5.12.0:rc4
perlperl
5.12.0:rc5
perlperl
5.12.1
perlperl
5.12.1:rc1
perlperl
5.12.1:rc2
perlperl
5.12.2
perlperl
5.12.2:rc1
perlperl
5.12.3
perlperl
5.12.3:rc1
perlperl
5.12.3:rc2
perlperl
5.12.3:rc3
perlperl
5.12.4
perlperl
5.13.0
perlperl
5.13.1
perlperl
5.13.2
perlperl
5.13.3
perlperl
5.13.4
perlperl
5.13.5
perlperl
5.13.6
perlperl
5.13.7
perlperl
5.13.8
perlperl
5.13.9
perlperl
5.13.10
perlperl
5.13.11
perlperl
5.14.0
perlperl
5.14.0:rc1
perlperl
5.14.0:rc2
perlperl
5.14.0:rc3
perlperl
5.14.1
perlperl
5.14.2
perlperl
5.14.3
perlperl
5.16.0
perlperl
5.16.1
perlperl
5.16.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
perl
bookworm
5.36.0-7+deb12u1
fixed
bullseye
5.32.1-4+deb11u3
fixed
bullseye (security)
5.32.1-4+deb11u4
fixed
sid
5.40.0-6
fixed
trixie
5.40.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
perl
hardy
Fixed 5.8.8-12ubuntu0.8
released
lucid
Fixed 5.10.1-8ubuntu2.3
released
oneiric
Fixed 5.12.4-4ubuntu0.2
released
precise
Fixed 5.14.2-6ubuntu2.3
released
quantal
Fixed 5.14.2-13ubuntu0.2
released
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://marc.info/?l=bugtraq&m=137891988921058&w=2
http://osvdb.org/90892
http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://secunia.com/advisories/52472
http://secunia.com/advisories/52499
http://www.debian.org/security/2013/dsa-2641
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/58311
http://www.ubuntu.com/usn/USN-1770-1
https://bugzilla.redhat.com/show_bug.cgi?id=912276
https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://marc.info/?l=bugtraq&m=137891988921058&w=2
http://osvdb.org/90892
http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://secunia.com/advisories/52472
http://secunia.com/advisories/52499
http://www.debian.org/security/2013/dsa-2641
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/58311
http://www.ubuntu.com/usn/USN-1770-1
https://bugzilla.redhat.com/show_bug.cgi?id=912276
https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094