NVD Vulnerability Detail

CVE-2005-3962

Summary	Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Publication Date	Dec. 2, 2005, 2:03 a.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	Oct. 20, 2018, 12:39 a.m.

CVSS2.0 : MEDIUM
Score	4.6
Vector	AV:L/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	はい
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:perl:perl:5.8.6:::::::*
cpe:2.3:a:perl:perl:5.9.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch	CONFIRM
2	ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch	CONFIRM
3	ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	SGI
4	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056	CONECTIVA
5	http://docs.info.apple.com/article.html?artnum=304829	CONFIRM
6	http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	APPLE
7	http://marc.info/?l=full-disclosure&m=113342788118630&w=2	FULLDISC
8	http://secunia.com/advisories/17762	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/17802	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/17844	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/17941	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/17952	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/17993	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/18075	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/18183	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/18187	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/18295	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/18413	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/18517	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/19041	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/20894	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/23155	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/31208	SECUNIA	Vendor Advisory
24	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1	SUNALERT
25	http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm	CONFIRM
26	http://www.debian.org/security/2006/dsa-943	DEBIAN
27	http://www.dyadsecurity.com/perl-0002.html	MISC	Patch Vendor Advisory
28	http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml	GENTOO
29	http://www.ipcop.org/index.php?name=News&file=article&sid=41	CONFIRM
30	http://www.kb.cert.org/vuls/id/948385	CERT-VN	US Government Resource
31	http://www.mandriva.com/security/advisories?name=MDKSA-2005:225	MANDRAKE
32	http://www.novell.com/linux/security/advisories/2005_29_sr.html	SUSE
33	http://www.novell.com/linux/security/advisories/2005_71_perl.html	SUSE
34	http://www.openbsd.org/errata37.html#perl	OPENBSD
35	http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html	OPENPKG
36	http://www.osvdb.org/21345	OSVDB
37	http://www.osvdb.org/22255	OSVDB
38	http://www.redhat.com/support/errata/RHSA-2005-880.html	REDHAT	Vendor Advisory
39	http://www.redhat.com/support/errata/RHSA-2005-881.html	REDHAT	Vendor Advisory
40	http://www.securityfocus.com/archive/1/418333/100/0/threaded	BUGTRAQ
41	http://www.securityfocus.com/archive/1/438726/100/0/threaded	HP
42	http://www.securityfocus.com/bid/15629	BID
43	http://www.trustix.org/errata/2005/0070	TRUSTIX
44	http://www.us-cert.gov/cas/techalerts/TA06-333A.html	CERT	US Government Resource
45	http://www.vupen.com/english/advisories/2005/2688	VUPEN
46	http://www.vupen.com/english/advisories/2006/0771	VUPEN
47	http://www.vupen.com/english/advisories/2006/2613	VUPEN	Vendor Advisory
48	http://www.vupen.com/english/advisories/2006/4750	VUPEN
49	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598	OVAL
50	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074	OVAL
51	https://usn.ubuntu.com/222-1/	UBUNTU
52	https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html