CVE-2005-3962
Detail
Deferred This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Current Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Analysis
Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap, as demonstrated using format string vulnerabilities in Perl applications.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
CVE, Inc., Red Hat
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
CVE, Inc., Red Hat
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
CVE, Inc., Red Hat
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
CVE, Inc., Red Hat
http://docs.info.apple.com/article.html?artnum=304829
CVE, Inc., Red Hat
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
CVE, Inc., Red Hat
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
CVE, Inc., Red Hat
http://secunia.com/advisories/17762
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/17802
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/17844
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/17941
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/17952
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/17993
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/18075
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/18183
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/18187
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/18295
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/18413
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/18517
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/19041
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/20894
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/23155
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/31208
CVE, Inc., Red Hat
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
CVE, Inc., Red Hat
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
CVE, Inc., Red Hat
http://www.debian.org/security/2006/dsa-943
CVE, Inc., Red Hat
http://www.dyadsecurity.com/perl-0002.html
CVE, Inc., Red Hat
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
CVE, Inc., Red Hat
http://www.ipcop.org/index.php?name=News&file=article&sid=41
CVE, Inc., Red Hat
http://www.kb.cert.org/vuls/id/948385
CVE, Inc., Red Hat
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
CVE, Inc., Red Hat
http://www.novell.com/linux/security/advisories/2005_29_sr.html
CVE, Inc., Red Hat
http://www.novell.com/linux/security/advisories/2005_71_perl.html
CVE, Inc., Red Hat
http://www.openbsd.org/errata37.html#perl
CVE, Inc., Red Hat
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
CVE, Inc., Red Hat
http://www.osvdb.org/21345
CVE, Inc., Red Hat
http://www.osvdb.org/22255
CVE, Inc., Red Hat
http://www.redhat.com/support/errata/RHSA-2005-880.html
CVE, Inc., Red Hat
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html
CVE, Inc., Red Hat
Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/438726/100/0/threaded
CVE, Inc., Red Hat
http://www.securityfocus.com/bid/15629
CVE, Inc., Red Hat
http://www.trustix.org/errata/2005/0070
CVE, Inc., Red Hat
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CVE, Inc., Red Hat
US Government Resource
http://www.vupen.com/english/advisories/2005/2688
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/0771
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/2613
CVE, Inc., Red Hat
Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
CVE, Inc., Red Hat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
CVE, Inc., Red Hat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
CVE, Inc., Red Hat
https://usn.ubuntu.com/222-1/
CVE, Inc., Red Hat
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
CVE, Inc., Red Hat
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-189
Numeric Errors
NIST
Change History
7 change records found show changes
CVE Modified by CVE 11/20/2024 7:03:10 PM
Action
Type
Old Value
New Value
Added
Reference
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
Added
Reference
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
Added
Reference
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
Added
Reference
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Added
Reference
http://docs.info.apple.com/article.html?artnum=304829
Added
Reference
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Added
Reference
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
Added
Reference
http://secunia.com/advisories/17762
Added
Reference
http://secunia.com/advisories/17802
Added
Reference
http://secunia.com/advisories/17844
Added
Reference
http://secunia.com/advisories/17941
Added
Reference
http://secunia.com/advisories/17952
Added
Reference
http://secunia.com/advisories/17993
Added
Reference
http://secunia.com/advisories/18075
Added
Reference
http://secunia.com/advisories/18183
Added
Reference
http://secunia.com/advisories/18187
Added
Reference
http://secunia.com/advisories/18295
Added
Reference
http://secunia.com/advisories/18413
Added
Reference
http://secunia.com/advisories/18517
Added
Reference
http://secunia.com/advisories/19041
Added
Reference
http://secunia.com/advisories/20894
Added
Reference
http://secunia.com/advisories/23155
Added
Reference
http://secunia.com/advisories/31208
Added
Reference
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
Added
Reference
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Added
Reference
http://www.debian.org/security/2006/dsa-943
Added
Reference
http://www.dyadsecurity.com/perl-0002.html
Added
Reference
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
Added
Reference
http://www.ipcop.org/index.php?name=News&file=article&sid=41
Added
Reference
http://www.kb.cert.org/vuls/id/948385
Added
Reference
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
Added
Reference
http://www.novell.com/linux/security/advisories/2005_29_sr.html
Added
Reference
http://www.novell.com/linux/security/advisories/2005_71_perl.html
Added
Reference
http://www.openbsd.org/errata37.html#perl
Added
Reference
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
Added
Reference
http://www.osvdb.org/21345
Added
Reference
http://www.osvdb.org/22255
Added
Reference
http://www.redhat.com/support/errata/RHSA-2005-880.html
Added
Reference
http://www.redhat.com/support/errata/RHSA-2005-881.html
Added
Reference
http://www.securityfocus.com/archive/1/418333/100/0/threaded
Added
Reference
http://www.securityfocus.com/archive/1/438726/100/0/threaded
Added
Reference
http://www.securityfocus.com/archive/1/438726/100/0/threaded
Added
Reference
http://www.securityfocus.com/bid/15629
Added
Reference
http://www.trustix.org/errata/2005/0070
Added
Reference
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Added
Reference
http://www.vupen.com/english/advisories/2005/2688
Added
Reference
http://www.vupen.com/english/advisories/2006/0771
Added
Reference
http://www.vupen.com/english/advisories/2006/2613
Added
Reference
http://www.vupen.com/english/advisories/2006/4750
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Added
Reference
https://usn.ubuntu.com/222-1/
Added
Reference
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
CVE Modified by Red Hat, Inc. 5/13/2024 9:32:50 PM
Action
Type
Old Value
New Value
CVE Modified by Red Hat, Inc. 10/19/2018 11:39:39 AM
Action
Type
Old Value
New Value
Added
Reference
http://www.securityfocus.com/archive/1/418333/100/0/threaded [No Types Assigned]
Added
Reference
http://www.securityfocus.com/archive/1/438726/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/418333/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/438726/100/0/threaded [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/03/2018 5:34:02 PM
Action
Type
Old Value
New Value
Added
Reference
https://usn.ubuntu.com/222-1/ [No Types Assigned]
Removed
Reference
http://www.ubuntulinux.org/support/documentation/usn/usn-222-1 [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/10/2017 9:30:29 PM
Action
Type
Old Value
New Value
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 [No Types Assigned]
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10598 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1074 [Tool Signature, US Government Resource]
CVE Modified by Red Hat, Inc. 10/17/2016 11:37:59 PM
Action
Type
Old Value
New Value
Added
Reference
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
Removed
Reference
http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
Initial CVE Analysis 12/01/2005 12:21:00 PM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2005-3962 NVD
Published Date: 12/01/2005 NVD
Last Modified: 04/02/2025
Source: Red Hat, Inc.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
