Perl up to 5.24.2/5.26.0 win32/perlhost.h CPerlHost::Add Environment Variable memory corruption

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Perl up to 5.24.2/5.26.0 (Programming Language Software). It has been rated as critical. Affected by this issue is the function CPerlHost::Add of the file win32/perlhost.h. Upgrading to version 5.24.3-RC1 or 5.26.1-RC1 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at perl5.git.perl.org. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082023601/14/2021VulD...cvss2_nvd_basescore7.5nist.gov01/14/2021accepted90
1082023501/14/2021VulD...person_nameJohn Leitchsecurityfocus.com01/14/2021accepted70
714381311/20/2019VulD...securityfocus_classBoundary Condition Errorsecurityfocus.com11/20/2019accepted100
714381211/20/2019VulD...securityfocus_date1506556800 (09/28/2017)securityfocus.com11/20/2019accepted100
714380411/20/2019VulD...date1506211200 (09/24/2017)11/20/2019accepted100
714380111/20/2019VulD...confirm_urlhttps://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1perl5.git.perl.org11/20/2019accepted100
714376011/20/2019VulD...discoverydate150543360011/20/2019accepted100
714382909/28/2017VulD...cvss3_nvd_basescore9.8nist.gov09/28/2017accepted90
714382809/28/2017VulD...0day_days909/28/2017accepted90
714382709/28/2017VulD...cvss3_vuldb_rcC09/28/2017accepted90
714382609/28/2017VulD...cvss3_vuldb_rlO09/28/2017accepted90
714382509/28/2017VulD...cvss3_vuldb_eX09/28/2017accepted90
714382409/28/2017VulD...cvss2_vuldb_rcC09/28/2017accepted90
714382309/28/2017VulD...cvss2_vuldb_rlOF09/28/2017accepted90
714382209/28/2017VulD...cvss2_vuldb_eND09/28/2017accepted90
714382109/28/2017VulD...nessus_date1506297600 (09/25/2017)tenable.com09/28/2017accepted100
714382009/28/2017VulD...nessus_typelocaltenable.com09/28/2017accepted100
714381909/28/2017VulD...nessus_familyFreeBSD Local Security Checkstenable.com09/28/2017accepted100
714381809/28/2017VulD...nessus_riskHightenable.com09/28/2017accepted100
714381709/28/2017VulD...nessus_filenamefreebsd_pkg_d9e82328a12911e7987e4f174049b30a.nasltenable.com09/28/2017accepted100

Do you want to use VulDB in your project?

Use the official API to access entries easily!