CVE-2010-1158

Published Apr 20, 2010

Last updated 11 years ago

CVSS info 5.0

Overview

Description: Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Vendor comments

Red HatThe Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References