Summary
The host has Strawberry Perl installed and is prone to a heap-based buffer overflow vulnerability.
Impact
Successful exploitation will allow attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
Impact Level: System/Application
Solution
Upgrade to Strawberry Perl 5.12.5, 5.14.3, 15.15.5 or later. For updates, refer to http://strawberryperl.com
Insight
The Perl_repeatcpy() function in util.c fails to properly sanitize user-supplied input while handling the string repeat operator.
Affected
Strawberry Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3 and 5.15.x before 15.15.5 on Windows
Severity
Classification
CVE: CVE-2012-5195
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P