{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-24T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"}, {"name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"}, {"name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"}, {"name": "55314", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55314"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://perldoc.perl.org/perl5100delta.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:14:06.375Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"}, {"name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"}, {"name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"}, {"name": "55314", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55314"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://perldoc.perl.org/perl5100delta.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1158", "datePublished": "2010-04-20T15:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:06.375Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."}, {"lang": "es", "value": "Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda de la aplicaci\u00f3n) cotejando una expresi\u00f3n regular modificada contra una cadena de texto extensa."}], "id": "CVE-2010-1158", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-20T15:30:00.427", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"}, {"source": "secalert@redhat.com", "url": "http://perldoc.perl.org/perl5100delta.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55314"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perldoc.perl.org/perl5100delta.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2010-04-22T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Perl: Stack overflow by processing a certain regular expression", "id": "580605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."], "name": "CVE-2010-1158", "public_date": "2010-04-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1158\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1158"], "statement": "The Red Hat Product Security has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.", "threat_severity": "Low"}