Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-12814 (GCVE-0-2017-12814)
Vulnerability from cvelistv5 – Published: 2017-09-27 17:00 – Updated: 2024-08-05 18:51
VLAI?
EPSS
Summary
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2017-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101051"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101051"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101051"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131665",
"refsource": "CONFIRM",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12814",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:06.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-12814\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-28T01:29:01.327\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en pila en el m\u00e9todo CPerlHost::Add en win32/perlhost.h en Perl en versiones anteriores a la 5.24.3-RC1 y las versiones 5.26.x anteriores a 5.26.1-RC1 en Windows permite que los atacantes ejecuten c\u00f3digo arbitrario mediante una variable de entorno larga.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.24.2\",\"matchCriteriaId\":\"DB276E2C-622C-45EB-8378-35751366049F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71CAECA-2A6A-4604-863F-3C1C055FB1CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101051\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://rt.perl.org/Public/Bug/Display.html?id=131665\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180426-0001/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/101051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://rt.perl.org/Public/Bug/Display.html?id=131665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180426-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-6G5G-X3HJ-6V2X
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-04-20 03:46
VLAI?
Details
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2017-12814"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-28T01:29:00Z",
"severity": "CRITICAL"
},
"details": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.",
"id": "GHSA-6g5g-x3hj-6v2x",
"modified": "2025-04-20T03:46:00Z",
"published": "2022-05-13T01:25:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12814"
},
{
"type": "WEB",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"type": "WEB",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"type": "WEB",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101051"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2017-12814
Vulnerability from fkie_nvd - Published: 2017-09-28 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F",
"versionEndIncluding": "5.24.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en el m\u00e9todo CPerlHost::Add en win32/perlhost.h en Perl en versiones anteriores a la 5.24.3-RC1 y las versiones 5.26.x anteriores a 5.26.1-RC1 en Windows permite que los atacantes ejecuten c\u00f3digo arbitrario mediante una variable de entorno larga."
}
],
"id": "CVE-2017-12814",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-28T01:29:01.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101051"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2024:11158-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
perl-32bit-5.34.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: perl-32bit-5.34.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the perl-32bit-5.34.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11158
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "perl-32bit-5.34.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the perl-32bit-5.34.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11158",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11158-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3962 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5116 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12814 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12837 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12883 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18311 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10543 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10878 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12723 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12723/"
}
],
"title": "perl-32bit-5.34.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11158-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.aarch64",
"product": {
"name": "perl-5.34.0-1.1.aarch64",
"product_id": "perl-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.aarch64",
"product": {
"name": "perl-32bit-5.34.0-1.1.aarch64",
"product_id": "perl-32bit-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.aarch64",
"product": {
"name": "perl-base-5.34.0-1.1.aarch64",
"product_id": "perl-base-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.aarch64",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.aarch64",
"product_id": "perl-base-32bit-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.aarch64",
"product": {
"name": "perl-doc-5.34.0-1.1.aarch64",
"product_id": "perl-doc-5.34.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-5.34.0-1.1.ppc64le",
"product_id": "perl-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-32bit-5.34.0-1.1.ppc64le",
"product_id": "perl-32bit-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-base-5.34.0-1.1.ppc64le",
"product_id": "perl-base-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.ppc64le",
"product_id": "perl-base-32bit-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-doc-5.34.0-1.1.ppc64le",
"product_id": "perl-doc-5.34.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.s390x",
"product": {
"name": "perl-5.34.0-1.1.s390x",
"product_id": "perl-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.s390x",
"product": {
"name": "perl-32bit-5.34.0-1.1.s390x",
"product_id": "perl-32bit-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.s390x",
"product": {
"name": "perl-base-5.34.0-1.1.s390x",
"product_id": "perl-base-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.s390x",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.s390x",
"product_id": "perl-base-32bit-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.s390x",
"product": {
"name": "perl-doc-5.34.0-1.1.s390x",
"product_id": "perl-doc-5.34.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.x86_64",
"product": {
"name": "perl-5.34.0-1.1.x86_64",
"product_id": "perl-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.x86_64",
"product": {
"name": "perl-32bit-5.34.0-1.1.x86_64",
"product_id": "perl-32bit-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.x86_64",
"product": {
"name": "perl-base-5.34.0-1.1.x86_64",
"product_id": "perl-base-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.x86_64",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.x86_64",
"product_id": "perl-base-32bit-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.x86_64",
"product": {
"name": "perl-doc-5.34.0-1.1.x86_64",
"product_id": "perl-doc-5.34.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64"
},
"product_reference": "perl-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.s390x"
},
"product_reference": "perl-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64"
},
"product_reference": "perl-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64"
},
"product_reference": "perl-32bit-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-32bit-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x"
},
"product_reference": "perl-32bit-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64"
},
"product_reference": "perl-32bit-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64"
},
"product_reference": "perl-base-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-base-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x"
},
"product_reference": "perl-base-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64"
},
"product_reference": "perl-base-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64"
},
"product_reference": "perl-doc-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-doc-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x"
},
"product_reference": "perl-doc-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
},
"product_reference": "perl-doc-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-3962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3962"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3962",
"url": "https://www.suse.com/security/cve/CVE-2005-3962"
},
{
"category": "external",
"summary": "SUSE Bug 136360 for CVE-2005-3962",
"url": "https://bugzilla.suse.com/136360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3962"
},
{
"cve": "CVE-2007-5116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5116"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5116",
"url": "https://www.suse.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "SUSE Bug 332199 for CVE-2007-5116",
"url": "https://bugzilla.suse.com/332199"
},
{
"category": "external",
"summary": "SUSE Bug 372331 for CVE-2007-5116",
"url": "https://bugzilla.suse.com/372331"
},
{
"category": "external",
"summary": "SUSE Bug 915514 for CVE-2007-5116",
"url": "https://bugzilla.suse.com/915514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-5116"
},
{
"cve": "CVE-2017-12814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12814"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12814",
"url": "https://www.suse.com/security/cve/CVE-2017-12814"
},
{
"category": "external",
"summary": "SUSE Bug 1057727 for CVE-2017-12814",
"url": "https://bugzilla.suse.com/1057727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-12814"
},
{
"cve": "CVE-2017-12837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12837"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12837",
"url": "https://www.suse.com/security/cve/CVE-2017-12837"
},
{
"category": "external",
"summary": "SUSE Bug 1057724 for CVE-2017-12837",
"url": "https://bugzilla.suse.com/1057724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-12837"
},
{
"cve": "CVE-2017-12883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12883"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12883",
"url": "https://www.suse.com/security/cve/CVE-2017-12883"
},
{
"category": "external",
"summary": "SUSE Bug 1057721 for CVE-2017-12883",
"url": "https://bugzilla.suse.com/1057721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12883"
},
{
"cve": "CVE-2018-18311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18311"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18311",
"url": "https://www.suse.com/security/cve/CVE-2018-18311"
},
{
"category": "external",
"summary": "SUSE Bug 1114674 for CVE-2018-18311",
"url": "https://bugzilla.suse.com/1114674"
},
{
"category": "external",
"summary": "SUSE Bug 1132018 for CVE-2018-18311",
"url": "https://bugzilla.suse.com/1132018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18311"
},
{
"cve": "CVE-2018-18312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18312"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18312",
"url": "https://www.suse.com/security/cve/CVE-2018-18312"
},
{
"category": "external",
"summary": "SUSE Bug 1114675 for CVE-2018-18312",
"url": "https://bugzilla.suse.com/1114675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18312"
},
{
"cve": "CVE-2020-10543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10543"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10543",
"url": "https://www.suse.com/security/cve/CVE-2020-10543"
},
{
"category": "external",
"summary": "SUSE Bug 1171863 for CVE-2020-10543",
"url": "https://bugzilla.suse.com/1171863"
},
{
"category": "external",
"summary": "SUSE Bug 1225627 for CVE-2020-10543",
"url": "https://bugzilla.suse.com/1225627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10543"
},
{
"cve": "CVE-2020-10878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10878"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10878",
"url": "https://www.suse.com/security/cve/CVE-2020-10878"
},
{
"category": "external",
"summary": "SUSE Bug 1171864 for CVE-2020-10878",
"url": "https://bugzilla.suse.com/1171864"
},
{
"category": "external",
"summary": "SUSE Bug 1225627 for CVE-2020-10878",
"url": "https://bugzilla.suse.com/1225627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10878"
},
{
"cve": "CVE-2020-12723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12723"
}
],
"notes": [
{
"category": "general",
"text": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12723",
"url": "https://www.suse.com/security/cve/CVE-2020-12723"
},
{
"category": "external",
"summary": "SUSE Bug 1171866 for CVE-2020-12723",
"url": "https://bugzilla.suse.com/1171866"
},
{
"category": "external",
"summary": "SUSE Bug 1225627 for CVE-2020-12723",
"url": "https://bugzilla.suse.com/1225627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12723"
}
]
}
CNVD-2017-33378
Vulnerability from cnvd - Published: 2017-11-09
VLAI Severity ?
Title
Perl栈缓冲区溢出漏洞
Description
Perl是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。
Perl 5.24.3-RC1之前的版本和5.26.1-RC1之前的5.26.x版本中的win32/perlhost.h文件的CPerlHost::Add方法存在栈缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代码。
Severity
高
Patch Name
Perl栈缓冲区溢出漏洞的补丁
Patch Description
Perl是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。
Perl 5.24.3-RC1之前的版本和5.26.1-RC1之前的5.26.x版本中的win32/perlhost.h文件的CPerlHost::Add方法存在栈缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://rt.perl.org/Public/Bug/Display.html?id=131665
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-12814
Impacted products
| Name | ['Perl Perl <5.24.3-RC1', 'Perl Perl 5.26.*,<5.26.1-RC1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-12814"
}
},
"description": "Perl\u662f\u7f8e\u56fd\u7a0b\u5e8f\u5458\u62c9\u91cc-\u6c83\u5c14\uff08Larry Wall\uff09\u6240\u7814\u53d1\u7684\u4e00\u79cd\u514d\u8d39\u4e14\u529f\u80fd\u5f3a\u5927\u7684\u8de8\u5e73\u53f0\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPerl 5.24.3-RC1\u4e4b\u524d\u7684\u7248\u672c\u548c5.26.1-RC1\u4e4b\u524d\u76845.26.x\u7248\u672c\u4e2d\u7684win32/perlhost.h\u6587\u4ef6\u7684CPerlHost::Add\u65b9\u6cd5\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "John Leitch (john@autosectools.com), Bryce Darling (darlingbryce@gmail.com)",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rt.perl.org/Public/Bug/Display.html?id=131665",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-33378",
"openTime": "2017-11-09",
"patchDescription": "Perl\u662f\u7f8e\u56fd\u7a0b\u5e8f\u5458\u62c9\u91cc-\u6c83\u5c14\uff08Larry Wall\uff09\u6240\u7814\u53d1\u7684\u4e00\u79cd\u514d\u8d39\u4e14\u529f\u80fd\u5f3a\u5927\u7684\u8de8\u5e73\u53f0\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPerl 5.24.3-RC1\u4e4b\u524d\u7684\u7248\u672c\u548c5.26.1-RC1\u4e4b\u524d\u76845.26.x\u7248\u672c\u4e2d\u7684win32/perlhost.h\u6587\u4ef6\u7684CPerlHost::Add\u65b9\u6cd5\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Perl\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Perl Perl \u003c5.24.3-RC1",
"Perl Perl 5.26.*\uff0c\u003c5.26.1-RC1"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12814",
"serverity": "\u9ad8",
"submitTime": "2017-09-28",
"title": "Perl\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
GSD-2017-12814
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-12814",
"description": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.",
"id": "GSD-2017-12814",
"references": [
"https://www.suse.com/security/cve/CVE-2017-12814.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12814"
],
"details": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.",
"id": "GSD-2017-12814",
"modified": "2023-12-13T01:21:03.260891Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101051"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131665",
"refsource": "CONFIRM",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.24.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12814"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131665",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "101051",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101051"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-07-15T03:15Z",
"publishedDate": "2017-09-28T01:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…