Vulnerabilities > CVE-2009-3626 - Unspecified vulnerability in Perl 5.10.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
perl
NVD
Published: 2009-10-29
Updated: 2024-11-21

Summary

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

Vulnerable Configurations

Part Description Count
Application
Perl
1

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 36812 CVE ID: CVE-2009-3626 Perl是一款流行的网络编程语言。 Perl在处理包含在规则表达式中使用UTF-8字符的字符串时存在错误,远程攻击者可以利用漏洞使解释器崩溃。 提交包含大量非法的UTF-8字符的邮件消息,给使用Perl的应用程序解析,可导致解析器崩溃。 Larry Wall Perl 5.10.1 + Turbolinux Home + Turbolinux Turbolinux Desktop 10.0 厂商解决方案 GIT库已经修正此漏洞,建议用户下载使用: http://perl5.git.perl.org/perl.git/commitdiff/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4
idSSV:12531
last seen2017-11-19
modified2009-10-28
published2009-10-28
reporterRoot
titlePerl UTF-8规则表达式处理远程拒绝服务漏洞

Statements

contributorTomas Hoger
lastmodified2009-10-30
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References