CVE-2007-5116: Buffer Overflow
First published: Mon Oct 08 2007(Updated: )
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian GNU/Linux | =3.1 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =4.0 | |
| Mandrake Linux | =2007 | |
| Mandrake Linux | =2007 | |
| Mandrake Linux | =2007.1 | |
| Mandrake Linux | =2007.1 | |
| Mandrake Linux | =2008.0 | |
| Mandrake Linux | =2008.0 | |
| Mandriva Linux Corporate Server | =3.0 | |
| Mandriva Linux Corporate Server | =3.0 | |
| Mandriva Linux Corporate Server | =4.0 | |
| Mandriva Linux Corporate Server | =4.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| redhat enterprise Linux desktop | =3.0 | |
| redhat enterprise Linux desktop | =4.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Rpath Linux | =1 | |
| Perl | =5.8.0 | |
| Perl | =5.8.1 | |
| Perl | =5.8.3 | |
| Perl | =5.8.4 | |
| Perl | =5.8.4.1 | |
| Perl | =5.8.4.2 | |
| Perl | =5.8.4.2.3 | |
| Perl | =5.8.4.3 | |
| Perl | =5.8.4.4 | |
| Perl | =5.8.4.5 | |
| Perl | =5.8.6 | |
| Mandrakesoft Mandrake Multi Network Firewall | =2.0 | |
| openpkg openpkg | =current | |
| Red Hat Enterprise Linux | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=323571
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
- http://www.redhat.com/support/errata/RHSA-2007-0966.html
- http://www.redhat.com/support/errata/RHSA-2007-1011.html
- http://www.securityfocus.com/bid/26350
- http://secunia.com/advisories/27531
- http://secunia.com/advisories/27546
- https://bugzilla.redhat.com/show_bug.cgi?id=378131
- https://issues.rpath.com/browse/RPL-1813
- http://www.debian.org/security/2007/dsa-1400
- http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.ubuntu.com/usn/usn-552-1
- http://securitytracker.com/id?1018899
- http://secunia.com/advisories/27479
- http://secunia.com/advisories/27515
- http://secunia.com/advisories/27548
- http://secunia.com/advisories/27613
- http://secunia.com/advisories/27570
- http://secunia.com/advisories/27936
- http://docs.info.apple.com/article.html?artnum=307179
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28167
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
- http://secunia.com/advisories/28368
- http://secunia.com/advisories/28387
- http://secunia.com/advisories/27756
- http://www.vmware.com/security/advisories/VMSA-2008-0001.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1
- http://secunia.com/advisories/28993
- http://secunia.com/advisories/29074
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1
- http://secunia.com/advisories/31208
- http://www.ipcop.org/index.php?name=News&file=article&sid=41
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2008/0064
- http://www.vupen.com/english/advisories/2008/0641
- http://www.vupen.com/english/advisories/2007/3724
- http://www.vupen.com/english/advisories/2007/4255
- http://marc.info/?l=bugtraq&m=120352263023774&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38270
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669
- http://www.securityfocus.com/archive/1/486859/100/0/threaded
- http://www.securityfocus.com/archive/1/485936/100/0/threaded
- http://www.securityfocus.com/archive/1/483584/100/0/threaded
- http://www.securityfocus.com/archive/1/483563/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=220101&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=220101&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=255541&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=255541&action=edit
- http://rhn.redhat.com/errata/RHSA-2007-0966.html
- http://rhn.redhat.com/errata/RHSA-2007-1011.html
- https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3255
- https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3218
- https://rhn.redhat.com/errata/RHSA-2010-0602.html
Frequently Asked Questions
What is the severity of CVE-2007-5116?
CVE-2007-5116 is classified as a critical vulnerability due to its potential to allow arbitrary code execution through a buffer overflow.
How do I fix CVE-2007-5116?
To remediate CVE-2007-5116, upgrade to a patched version of Perl that addresses this issue.
Which versions of Perl are affected by CVE-2007-5116?
CVE-2007-5116 affects Perl versions 5.8.0 through 5.8.4.5.
Can CVE-2007-5116 be exploited remotely?
Yes, CVE-2007-5116 can be exploited by context-dependent attackers remotely through crafted regular expressions.
What impact does CVE-2007-5116 have on applications using Perl?
Applications using vulnerable versions of Perl may be subject to arbitrary code execution, leading to potential data breaches or system compromise.
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2007-5116
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/3.1
- version/debian gnu/linux/4.0
- vendor/mandrakesoft
- canonical/mandrake linux
- version/mandrake linux/2007
- version/mandrake linux/2007.1
- version/mandrake linux/2008.0
- canonical/mandriva linux corporate server
- version/mandriva linux corporate server/3.0
- version/mandriva linux corporate server/4.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/3.0
- version/red hat enterprise linux/4.0
- version/red hat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/3.0
- version/redhat enterprise linux desktop/4.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- vendor/rpath
- canonical/rpath linux
- version/rpath linux/1
- vendor/larry wall
- canonical/perl
- version/perl/5.8.0
- version/perl/5.8.1
- version/perl/5.8.3
- version/perl/5.8.4
- version/perl/5.8.4.1
- version/perl/5.8.4.2
- version/perl/5.8.4.2.3
- version/perl/5.8.4.3
- version/perl/5.8.4.4
- version/perl/5.8.4.5
- version/perl/5.8.6
- canonical/mandrakesoft mandrake multi network firewall
- version/mandrakesoft mandrake multi network firewall/2.0
- vendor/openpkg
- canonical/openpkg openpkg
- version/openpkg openpkg/current
- version/red hat enterprise linux/1.0