NVD

Id
9647  
Name
CVE-2011-2939  
Description
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2012-01-13  
Modified Date
2013-10-23  
Seq
2011-2939  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
55206 9647 CVE-2011-2939 http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod  View
55207 9647 CVE-2011-2939 http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5  View
55208 9647 CVE-2011-2939 http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)  View
55209 9647 CVE-2011-2939 MDVSA-2012:008  View
55210 9647 CVE-2011-2939 [oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string  View
55211 9647 CVE-2011-2939 [oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string  View
55212 9647 CVE-2011-2939 RHSA-2011:1424  View
55213 9647 CVE-2011-2939 49858  View
55214 9647 CVE-2011-2939 USN-1643-1  View
55215 9647 CVE-2011-2939 https://bugzilla.redhat.com/show_bug.cgi?id=731246  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25362 JVNDB-2012-001069 Perl の Encode モジュールにおける一つずれエラーの脆弱性 Perl で使用される Encode モジュールの Unicode/Unicode.xs 内にある decode_xs 関数には、一つずれ (Off-by-one) エラーの脆弱性が存在します。 CVE-2011-2939 50846 CVE-2011-2939 9647 5.1 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001069.html 2012-01-13 2013-11-01 View