Vulnerability Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Perl | Perl | 5.8.6 |
Related Weaknesses (CWE)
References
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://marc.info/?l=full-disclosure&m=113342788118630&w=2
- http://secunia.com/advisories/17762Vendor Advisory
- http://secunia.com/advisories/17802Vendor Advisory
- http://secunia.com/advisories/17844Vendor Advisory
- http://secunia.com/advisories/17941Vendor Advisory
- http://secunia.com/advisories/17952Vendor Advisory
- http://secunia.com/advisories/17993Vendor Advisory
- http://secunia.com/advisories/18075Vendor Advisory
- http://secunia.com/advisories/18183Vendor Advisory
FAQ
What is CVE-2005-3962?
CVE-2005-3962 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string...
How severe is CVE-2005-3962?
CVE-2005-3962 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3962?
Check the references section above for vendor advisories and patch information. Affected products include: Perl Perl.