CVE-2007-5116

NONE EPSS 90.9%
Published Nov 7, 2007 18y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Threat Intelligence

EPSS Exploit Probability
90.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 51

Vendor        Product                          Version    Range
debian        debian_linux                     3.1        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
debian        debian_linux                     4.0        any
mandrakesoft  mandrake_linux                   2007       any
mandrakesoft  mandrake_linux                   2007       any
mandrakesoft  mandrake_linux                   2007.1     any
mandrakesoft  mandrake_linux                   2007.1     any
mandrakesoft  mandrake_linux                   2008.0     any
mandrakesoft  mandrake_linux                   2008.0     any
mandrakesoft  mandrake_linux_corporate_server  3.0        any
mandrakesoft  mandrake_linux_corporate_server  3.0        any
mandrakesoft  mandrake_linux_corporate_server  4.0        any
mandrakesoft  mandrake_linux_corporate_server  4.0        any
redhat        enterprise_linux                 3.0        any
redhat        enterprise_linux                 3.0        any
redhat        enterprise_linux                 3.0        any
redhat        enterprise_linux                 4.0        any
redhat        enterprise_linux                 4.0        any
redhat        enterprise_linux                 4.0        any
redhat        enterprise_linux                 5.0        any
redhat        enterprise_linux                 5.0        any
redhat        enterprise_linux_desktop         3.0        any
redhat        enterprise_linux_desktop         4.0        any
redhat        linux_advanced_workstation       2.1        any
redhat        linux_advanced_workstation       2.1        any
rpath         rpath_linux                      1          any
larry_wall    perl                             5.8.0      any
larry_wall    perl                             5.8.1      any
larry_wall    perl                             5.8.3      any
larry_wall    perl                             5.8.4      any
larry_wall    perl                             5.8.4.1    any
larry_wall    perl                             5.8.4.2    any
larry_wall    perl                             5.8.4.2.3  any
larry_wall    perl                             5.8.4.3    any
larry_wall    perl                             5.8.4.4    any
larry_wall    perl                             5.8.4.5    any
larry_wall    perl                             5.8.6      any
mandrakesoft  mandrake_multi_network_firewall  2.0        any
openpkg       openpkg                          current    any
redhat        enterprise_linux                 1.0        any

References 53

  • aix.software.ibm.com ftp://aix.software.ibm.com/aix/efixes/security/README
  • docs.info.apple.com http://docs.info.apple.com/article.html?artnum=307179
  • lists.apple.com http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
  • lists.vmware.com http://lists.vmware.com/pipermail/security-announce/2008/000002.html
  • marc.info http://marc.info/?l=bugtraq&m=120352263023774&w=2
  • secunia.com http://secunia.com/advisories/27479
  • secunia.com http://secunia.com/advisories/27515
  • secunia.com http://secunia.com/advisories/27531
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/27546
  • secunia.com http://secunia.com/advisories/27548
  • secunia.com http://secunia.com/advisories/27570
  • secunia.com http://secunia.com/advisories/27613
  • secunia.com http://secunia.com/advisories/27756
  • secunia.com http://secunia.com/advisories/27936
  • secunia.com http://secunia.com/advisories/28167
  • secunia.com http://secunia.com/advisories/28368
  • secunia.com http://secunia.com/advisories/28387
  • secunia.com http://secunia.com/advisories/28993
  • secunia.com http://secunia.com/advisories/29074
  • secunia.com http://secunia.com/advisories/31208
  • securitytracker.com http://securitytracker.com/id?1018899
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1
  • support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
  • www-1.ibm.com http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220
  • www-1.ibm.com http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244
  • debian.org http://www.debian.org/security/2007/dsa-1400
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml
  • ipcop.org http://www.ipcop.org/index.php?name=News&file=article&sid=41
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
    Patch
  • novell.com http://www.novell.com/linux/security/advisories/2007_24_sr.html
  • openpkg.com http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-0966.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-1011.html
  • securityfocus.com http://www.securityfocus.com/archive/1/483563/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/483584/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/485936/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/486859/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/26350
  • ubuntu.com http://www.ubuntu.com/usn/usn-552-1
  • us-cert.gov http://www.us-cert.gov/cas/techalerts/TA07-352A.html
    US Government Resource
  • vmware.com http://www.vmware.com/security/advisories/VMSA-2008-0001.html
  • vupen.com http://www.vupen.com/english/advisories/2007/3724
  • vupen.com http://www.vupen.com/english/advisories/2007/4238
  • vupen.com http://www.vupen.com/english/advisories/2007/4255
  • vupen.com http://www.vupen.com/english/advisories/2008/0064
  • vupen.com http://www.vupen.com/english/advisories/2008/0641
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=323571
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=378131
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/38270
  • issues.rpath.com https://issues.rpath.com/browse/RPL-1813
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669

Remediation

  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
    Patch