CVE-2005-3962

N/A Unknown
Published: December 01, 2005 Modified: April 16, 2026
View on NVD

Description

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
Source: secalert@redhat.com
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
Source: secalert@redhat.com
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
Source: secalert@redhat.com
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Source: secalert@redhat.com
http://docs.info.apple.com/article.html?artnum=304829
Source: secalert@redhat.com
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Source: secalert@redhat.com
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
Source: secalert@redhat.com
http://secunia.com/advisories/17762
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/17802
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/17844
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/17941
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/17952
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/17993
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/18075
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/18183
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/18187
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/18295
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/18413
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/18517
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19041
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/20894
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/23155
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/31208
Source: secalert@redhat.com
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
Source: secalert@redhat.com
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Source: secalert@redhat.com
http://www.debian.org/security/2006/dsa-943
Source: secalert@redhat.com
http://www.dyadsecurity.com/perl-0002.html
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
Source: secalert@redhat.com
http://www.ipcop.org/index.php?name=News&file=article&sid=41
Source: secalert@redhat.com
http://www.kb.cert.org/vuls/id/948385
Source: secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
Source: secalert@redhat.com
http://www.novell.com/linux/security/advisories/2005_29_sr.html
Source: secalert@redhat.com
http://www.novell.com/linux/security/advisories/2005_71_perl.html
Source: secalert@redhat.com
http://www.openbsd.org/errata37.html#perl
Source: secalert@redhat.com
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
Source: secalert@redhat.com
http://www.osvdb.org/21345
Source: secalert@redhat.com
http://www.osvdb.org/22255
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2005-880.html
Source: secalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html
Source: secalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/438726/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/15629
Source: secalert@redhat.com
http://www.trustix.org/errata/2005/0070
Source: secalert@redhat.com
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Source: secalert@redhat.com
US Government Resource
http://www.vupen.com/english/advisories/2005/2688
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2006/0771
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2006/2613
Source: secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Source: secalert@redhat.com
https://usn.ubuntu.com/222-1/
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
Source: secalert@redhat.com
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
Source: af854a3a-2127-422b-91ae-364da2661108
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Source: af854a3a-2127-422b-91ae-364da2661108
http://docs.info.apple.com/article.html?artnum=304829
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/17762
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/17802
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/17844
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/17941
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/17952
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/17993
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/18075
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/18183
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/18187
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/18295
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/18413
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/18517
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19041
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/20894
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23155
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/31208
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2006/dsa-943
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.dyadsecurity.com/perl-0002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ipcop.org/index.php?name=News&file=article&sid=41
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/948385
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2005_29_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2005_71_perl.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openbsd.org/errata37.html#perl
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.osvdb.org/21345
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.osvdb.org/22255
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2005-880.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/438726/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/15629
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.trustix.org/errata/2005/0070
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2005/2688
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/0771
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/2613
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Source: af854a3a-2127-422b-91ae-364da2661108
https://usn.ubuntu.com/222-1/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108

104 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.9%
76th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-189

Affected Vendors

perl

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A