CVE-2011-1487
N/A
N/A
Summary
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=692844
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
- http://secunia.com/advisories/44168
- http://secunia.com/advisories/43921
- http://www.debian.org/security/2011/dsa-2265
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
- http://www.securityfocus.com/bid/47124
- http://openwall.com/lists/oss-security/2011/04/04/35
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
- https://bugzilla.redhat.com/show_bug.cgi?id=692898
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
- http://openwall.com/lists/oss-security/2011/04/01/3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=692844
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
- http://secunia.com/advisories/44168
- http://secunia.com/advisories/43921
- http://www.debian.org/security/2011/dsa-2265
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
- http://www.securityfocus.com/bid/47124
- http://openwall.com/lists/oss-security/2011/04/04/35
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
- https://bugzilla.redhat.com/show_bug.cgi?id=692898
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
- http://openwall.com/lists/oss-security/2011/04/01/3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.