CVE-2017-12814: Buffer Overflow
First published: Wed Sep 27 2017(Updated: )
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perl | <=5.24.2 | |
| Perl | =5.26.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101051
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1
- https://rt.perl.org/Public/Bug/Display.html?id=131665
- https://security.netapp.com/advisory/ntap-20180426-0001/
- https://www.oracle.com/security-alerts/cpujul2020.html
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/description
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/perl
- canonical/perl
- version/perl/5.24.2
- version/perl/5.26.0
- vendor/microsoft
- canonical/microsoft windows