{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"}, {"name": "GLSA-201507-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201507-11"}, {"name": "USN-2916-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2916-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT205031"}, {"name": "75704", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75704"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-7422", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"}, {"name": "GLSA-201507-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-11"}, {"name": "USN-2916-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2916-1"}, {"name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031"}, {"name": "75704", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75704"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:09:16.951Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"}, {"name": "GLSA-201507-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201507-11"}, {"name": "USN-2916-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2916-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT205031"}, {"name": "75704", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75704"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-7422", "datePublished": "2015-08-16T23:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T18:09:16.951Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."}, {"lang": "es", "value": "Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena larga de d\u00edgitos asociados con una referencia inversa no v\u00e1lida dentro de una expresi\u00f3n regular."}], "id": "CVE-2013-7422", "lastModified": "2016-12-22T02:59:04.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-16T23:59:00.097", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75704"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2916-1"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201507-11"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205031"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "perl: segmentation fault in S_regmatch on negative backreference", "id": "1187149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187149"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-190", "details": ["Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."], "name": "CVE-2013-7422", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Directory Server 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7422\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7422"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "perl 5.19.5"}