CVE-2007-5116

Published: Nov 7, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Affected (14)

Products: Larry Wall: Perl · Mandrakesoft: Mandrake Multi Network Firewall · Openpkg: Openpkg · +1 more

Show all products

Larry Wall: Perl · Mandrakesoft: Mandrake Multi Network Firewall · Openpkg: Openpkg · Redhat: Enterprise Linux

Larry Wall

1 product

Perl

Mandrakesoft

1 product

Mandrake Multi Network Firewall

1 product

1 product

Configuration A

14 vulnerable · 37 platform

Vulnerable Software	Affected Versions
Larry Wall Perl	Version 5.8.0
Larry Wall Perl	Version 5.8.1
Larry Wall Perl	Version 5.8.3
Larry Wall Perl	Version 5.8.4.1
Larry Wall Perl	Version 5.8.4.2.3
Larry Wall Perl	Version 5.8.4.2
Larry Wall Perl	Version 5.8.4.3
Larry Wall Perl	Version 5.8.4.4
Larry Wall Perl	Version 5.8.4.5
Larry Wall Perl	Version 5.8.4
Larry Wall Perl	Version 5.8.6
Mandrakesoft Mandrake Multi Network Firewall	Version 2.0
Openpkg Openpkg	Version current
Redhat Enterprise Linux	Version 1.0

Running on/with	Platform Versions
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007
Mandrakesoft Mandrake Linux	Version 2007
Mandrakesoft Mandrake Linux	Version 2008.0
Mandrakesoft Mandrake Linux	Version 2008.0
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Mandrakesoft Mandrake Linux Corporate Server	Version 4.0
Mandrakesoft Mandrake Linux Corporate Server	Version 4.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Enterprise Linux Desktop	Version 4.0
Redhat Linux Advanced Workstation	Version 2.1
Redhat Linux Advanced Workstation	Version 2.1
Rpath Rpath Linux	Version 1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (106)

ftp://aix.software.ibm.com/aix/efixes/security/README (unsafe URL)

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307179

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Source: cve@mitre.org

http://lists.vmware.com/pipermail/security-announce/2008/000002.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=120352263023774&w=2

Source: cve@mitre.org

http://secunia.com/advisories/27479

Source: cve@mitre.org

http://secunia.com/advisories/27515

Source: cve@mitre.org

http://secunia.com/advisories/27531

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27546

Source: cve@mitre.org

http://secunia.com/advisories/27548

Source: cve@mitre.org

http://secunia.com/advisories/27570

Source: cve@mitre.org

http://secunia.com/advisories/27613

Source: cve@mitre.org

http://secunia.com/advisories/27756

Source: cve@mitre.org

http://secunia.com/advisories/27936

Source: cve@mitre.org

http://secunia.com/advisories/28167

Source: cve@mitre.org

http://secunia.com/advisories/28368

Source: cve@mitre.org

http://secunia.com/advisories/28387

Source: cve@mitre.org

http://secunia.com/advisories/28993

Source: cve@mitre.org

http://secunia.com/advisories/29074

Source: cve@mitre.org

http://secunia.com/advisories/31208

Source: cve@mitre.org

http://securitytracker.com/id?1018899

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm

Source: cve@mitre.org

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220

Source: cve@mitre.org

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1400

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml

Source: cve@mitre.org

http://www.ipcop.org/index.php?name=News&file=article&sid=41

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:207

Source: cve@mitre.org

Patch

http://www.novell.com/linux/security/advisories/2007_24_sr.html

Source: cve@mitre.org

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0966.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-1011.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/483563/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/483584/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/485936/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/486859/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/26350

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-552-1

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Source: cve@mitre.org

US Government Resource

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3724

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/4238

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/4255

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0064

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0641

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=323571

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=378131

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/38270

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1813

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669

Source: cve@mitre.org

ftp://aix.software.ibm.com/aix/efixes/security/README (unsafe URL)