CVE-2017-12814 - OpenCVE

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Perl	Perl
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:perl:perl::::::::
	cpe:2.3:a:perl:perl:5.26.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/101051	Third Party Advisory VDB Entry
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1	Release Notes Vendor Advisory
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1	Release Notes Vendor Advisory
https://rt.perl.org/Public/Bug/Display.html?id=131665	Exploit Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20180426-0001/
https://www.oracle.com/security-alerts/cpujul2020.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-27T17:00:00

Updated: 2020-07-15T02:22:55

Reserved: 2017-08-11T00:00:00

Link: CVE-2017-12814

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-28T01:29:01.327

Modified: 2020-07-15T03:15:18.137

Link: CVE-2017-12814

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "101051", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101051"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12814", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "101051", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101051"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://rt.perl.org/Public/Bug/Display.html?id=131665", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"}, {"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"}, {"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"}, {"name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12814", "datePublished": "2017-09-27T17:00:00", "dateReserved": "2017-08-11T00:00:00", "dateUpdated": "2020-07-15T02:22:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el m\u00e9todo CPerlHost::Add en win32/perlhost.h en Perl en versiones anteriores a la 5.24.3-RC1 y las versiones 5.26.x anteriores a 5.26.1-RC1 en Windows permite que los atacantes ejecuten c\u00f3digo arbitrario mediante una variable de entorno larga."}], "id": "CVE-2017-12814", "lastModified": "2020-07-15T03:15:18.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-28T01:29:01.327", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101051"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}