CVE-2008-1927 - Vulnerability Details

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Perl	Perl
Redhat	Certificate System Enterprise Linux Rhel Application Stack

Configuration 1 [-]

cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
Red Hat Enterprise Linux 3
perl-2:5.8.0-98.EL3	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0522	2008-06-11T00:00:00Z
Red Hat Enterprise Linux 4
perl-3:5.8.5-36.el4_6.3	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0522	2008-06-11T00:00:00Z
Red Hat Enterprise Linux 5
perl-4:5.8.8-10.el5_2.3	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0522	2008-06-11T00:00:00Z
Red Hat Web Application Stack for RHEL 4
perl-4:5.8.8-6.el4s1_3	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0532	2008-06-17T00:00:00Z

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://osvdb.org/44588
http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156
http://secunia.com/advisories/29948
http://secunia.com/advisories/30025
http://secunia.com/advisories/30326
http://secunia.com/advisories/30624
http://secunia.com/advisories/31208
http://secunia.com/advisories/31328
http://secunia.com/advisories/31467
http://secunia.com/advisories/31604
http://secunia.com/advisories/31687
http://secunia.com/advisories/33314
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm
http://wiki.rpath.com/Advisories:rPSA-2009-0011
http://www.debian.org/security/2008/dsa-1556
http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.mandriva.com/security/advisories?name=MDVSA-2008:100
http://www.redhat.com/support/errata/RHSA-2008-0522.html
http://www.redhat.com/support/errata/RHSA-2008-0532.html
http://www.securityfocus.com/archive/1/500210/100/0/threaded
http://www.securityfocus.com/bid/28928
http://www.securitytracker.com/id?1020253
http://www.ubuntu.com/usn/usn-700-1
http://www.ubuntu.com/usn/usn-700-2
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www.vupen.com/english/advisories/2008/2265/references
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2424
http://www.vupen.com/english/advisories/2009/0422
https://exchange.xforce.ibmcloud.com/vulnerabilities/41996
https://nvd.nist.gov/vuln/detail/CVE-2008-1927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579
https://www.cve.org/CVERecord?id=CVE-2008-1927
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-23T17:00:00

Updated: 2024-08-07T08:41:00.168Z

Reserved: 2008-04-23T00:00:00

Link: CVE-2008-1927

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-04-24T05:05:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1927

Redhat

Severity : Important

Publid Date: 2007-12-04T00:00:00Z

Links: CVE-2008-1927 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm"}, {"name": "ADV-2008-2424", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2424"}, {"name": "31328", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31328"}, {"name": "FEDORA-2008-3399", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html"}, {"name": "44588", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/44588"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33937"}, {"tags": ["x_refsource_MISC"], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156"}, {"name": "RHSA-2008:0532", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31687"}, {"name": "perl-utf8-dos(41996)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996"}, {"name": "USN-700-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-700-1"}, {"name": "oval:org.mitre.oval:def:10579", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "29948", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29948"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "GLSA-200805-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml"}, {"name": "1020253", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020253"}, {"name": "ADV-2008-2361", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2361"}, {"name": "31467", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31467"}, {"name": "RHSA-2008:0522", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html"}, {"name": "FEDORA-2008-3392", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm"}, {"name": "33314", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33314"}, {"name": "ADV-2009-0422", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0422"}, {"name": "31604", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31604"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792"}, {"name": "28928", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28928"}, {"name": "20090120 rPSA-2009-0011-1 perl", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded"}, {"name": "30624", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30624"}, {"name": "30025", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30025"}, {"name": "USN-700-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-700-2"}, {"name": "30326", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30326"}, {"name": "MDVSA-2008:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100"}, {"name": "DSA-1556", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1556"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"name": "31208", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31208"}, {"name": "ADV-2008-2265", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2265/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm"}, {"name": "ADV-2008-2424", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2424"}, {"name": "31328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31328"}, {"name": "FEDORA-2008-3399", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html"}, {"name": "44588", "refsource": "OSVDB", "url": "http://osvdb.org/44588"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011"}, {"name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937"}, {"name": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156", "refsource": "MISC", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156"}, {"name": "RHSA-2008:0532", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html"}, {"name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687"}, {"name": "perl-utf8-dos(41996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996"}, {"name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1"}, {"name": "oval:org.mitre.oval:def:10579", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579"}, {"name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438"}, {"name": "29948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29948"}, {"name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "GLSA-200805-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml"}, {"name": "1020253", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020253"}, {"name": "ADV-2008-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2361"}, {"name": "31467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31467"}, {"name": "RHSA-2008:0522", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html"}, {"name": "FEDORA-2008-3392", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm"}, {"name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314"}, {"name": "ADV-2009-0422", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0422"}, {"name": "31604", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31604"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792"}, {"name": "28928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28928"}, {"name": "20090120 rPSA-2009-0011-1 perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded"}, {"name": "30624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30624"}, {"name": "30025", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30025"}, {"name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2"}, {"name": "30326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30326"}, {"name": "MDVSA-2008:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100"}, {"name": "DSA-1556", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1556"}, {"name": "http://www.ipcop.org/index.php?name=News&file=article&sid=41", "refsource": "CONFIRM", "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"name": "31208", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31208"}, {"name": "ADV-2008-2265", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2265/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:41:00.168Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm"}, {"name": "ADV-2008-2424", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2424"}, {"name": "31328", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31328"}, {"name": "FEDORA-2008-3399", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html"}, {"name": "44588", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/44588"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33937"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156"}, {"name": "RHSA-2008:0532", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31687"}, {"name": "perl-utf8-dos(41996)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996"}, {"name": "USN-700-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-700-1"}, {"name": "oval:org.mitre.oval:def:10579", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "29948", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29948"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "GLSA-200805-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml"}, {"name": "1020253", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020253"}, {"name": "ADV-2008-2361", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2361"}, {"name": "31467", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31467"}, {"name": "RHSA-2008:0522", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html"}, {"name": "FEDORA-2008-3392", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm"}, {"name": "33314", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33314"}, {"name": "ADV-2009-0422", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0422"}, {"name": "31604", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31604"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792"}, {"name": "28928", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28928"}, {"name": "20090120 rPSA-2009-0011-1 perl", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded"}, {"name": "30624", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30624"}, {"name": "30025", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30025"}, {"name": "USN-700-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-700-2"}, {"name": "30326", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30326"}, {"name": "MDVSA-2008:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100"}, {"name": "DSA-1556", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1556"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"name": "31208", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31208"}, {"name": "ADV-2008-2265", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2265/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1927", "datePublished": "2008-04-23T17:00:00", "dateReserved": "2008-04-23T00:00:00", "dateUpdated": "2024-08-07T08:41:00.168Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems."}, {"lang": "es", "value": "Vulnerabilidad de doble liberacio\u00f3n en Perl 5.8.8 permite a los atacantes, dependiendo del contexto, causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y caida) a trav\u00e9s de expresiones regulares manipuladas conteniendo caracteres UTF8. NOTE: esta caracter\u00edstica solo est\u00e1 presente en ciertos sistemas operativos."}], "id": "CVE-2008-1927", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-24T05:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/44588"}, {"source": "cve@mitre.org", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29948"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30025"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30326"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30624"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31208"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31328"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31467"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31604"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33937"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3438"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1556"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml"}, {"source": "cve@mitre.org", "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28928"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020253"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2265/references"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2361"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2424"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0422"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2265/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "ant-0:1.6.5-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "avalon-logkit-0:1.2-2jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "axis-0:1.2.1-1jpp_3rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-jaf-0:1.0-2jpp_6rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-mail-0:1.1.1-2jpp_8rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "geronimo-specs-0:1.0-0.M4.1jpp_10rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "log4j-0:1.2.12-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "mx4j-1:3.0.1-1jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pcsc-lite-0:1.3.3-3.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-java-tools-0:7.3.0-10.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-manage-0:7.3.0-19.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-native-tools-0:7.3.0-6.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xerces-j2-0:2.7.1-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xml-commons-0:1.3.02-2jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2008:0522", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "perl-2:5.8.0-98.EL3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-06-11T00:00:00Z"}, {"advisory": "RHSA-2008:0522", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "perl-3:5.8.5-36.el4_6.3", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-06-11T00:00:00Z"}, {"advisory": "RHSA-2008:0522", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "perl-4:5.8.8-10.el5_2.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-06-11T00:00:00Z"}, {"advisory": "RHSA-2008:0532", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "perl-4:5.8.8-6.el4s1_3", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-06-17T00:00:00Z"}], "bugzilla": {"description": "perl: heap corruption by regular expressions with utf8 characters", "id": "443928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"}, "csaw": false, "details": ["Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems."], "name": "CVE-2008-1927", "public_date": "2007-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-1927\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1927"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object