CVE-2011-0761

Publication date 13 May 2011

Last updated 24 July 2024


Ubuntu priority

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.

Status

Package  Ubuntu Release    Status
perl     12.10 quantal     Not affected
perl     12.04 LTS precise Not affected
perl     11.10 oneiric     Not affected
perl     11.04 natty       Ignored end of life
perl     10.10 maverick    Ignored end of life
perl     10.04 LTS lucid   Ignored
perl     8.04 LTS hardy    Ignored
perl     6.06 LTS dapper   Ignored end of life

Notes


sbeattie

toucan systems advisory has PoC


seth-arnold

ignoring this CVE: flaw requires extremely poorly written software to exploit the problem (allow input to modify the number of arguments to fundamental functions), crashes do not appear to be under argument control. Upstream Perl team does not consider it a security-relevant problem and thus have not prepared any patches.