CVE-2004-2286

Description

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

Affected products

• activestate / activeperl5.6.1 – 5.6.1
• activestate / activeperl5.6.1.630 – 5.6.1.630
• activestate / activeperl5.6.2 – 5.6.2
• activestate / activeperl5.6.3 – 5.6.3
• activestate / activeperl5.7.1 – 5.7.1
• activestate / activeperl5.7.2 – 5.7.2
• activestate / activeperl5.7.3 – 5.7.3
• activestate / activeperl5.8 – 5.8
• activestate / activeperl5.8.1 – 5.8.1
• activestate / activeperl5.8.3 – 5.8.3
• larry_wall / perl5.3 – 5.3
• larry_wall / perl5.4 – 5.4
• larry_wall / perl5.4.5 – 5.4.5
• larry_wall / perl5.5 – 5.5
• larry_wall / perl5.5.3 – 5.5.3
• larry_wall / perl5.6 – 5.6
• larry_wall / perl5.6.1 – 5.6.1
• larry_wall / perl5.8.0 – 5.8.0
• larry_wall / perl5.8.1 – 5.8.1
• larry_wall / perl5.8.3 – 5.8.3

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16224
• MISChttp://www.securityfocus.com/bid/10380
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html