Main Vulnerability Database Exploits ID:4080 - Exploit for Input validation error in Perl - CVE-2010-4777

ID:4080 - Exploit for Input validation error in Perl - CVE-2010-4777

Published: August 11, 2020

Vulnerability identifier: #VU42051

Vulnerability risk: Medium

CVE-ID: CVE-2010-4777

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Perl

Link to public exploit:

https://www.exploit-db.com/exploits/35489/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

Remediation

Install update from vendor's website.

ID:4080 - Exploit for Input validation error in Perl - CVE-2010-4777

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human