CVE-2004-2022

NONE EPSS 74.0%
Published Dec 31, 200421y ago · Modified Jun 16, 20262w ago
Find Similar
Published Dec 31, 2004 21y ago
Last Modified Jun 16, 2026 2w ago

Description

ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.

Threat Intelligence

EPSS Exploit Probability
74.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Affected Products 8

VendorProductVersionRange
activestateactiveperl5.6.1any
activestateactiveperl5.6.1.630any
activestateactiveperl5.6.2any
activestateactiveperl5.6.3any
activestateactiveperl5.7.1any
activestateactiveperl5.7.2any
activestateactiveperl5.7.3any
activestateactiveperl5.8any

References 9

  • archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html
  • marc.info http://marc.info/?l=bugtraq&m=108489894009025&w=2
  • marc.info http://marc.info/?l=full-disclosure&m=108482796105922&w=2
  • marc.info http://marc.info/?l=full-disclosure&m=108483058514596&w=2
  • marc.info http://marc.info/?l=full-disclosure&m=108489112131099&w=2
  • oliverkarow.de http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
    Exploit
  • perlmonks.org http://www.perlmonks.org/index.pl?node_id=354145
    Exploit
  • securityfocus.com http://www.securityfocus.com/bid/10375
    Exploit
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16169

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.