CVE-2005-3962

Publication date 1 December 2005

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
perl	7.04 feisty	Fixed 5.8.7-10ubuntu1
	6.10 edgy	Fixed 5.8.7-10ubuntu1
	6.06 LTS dapper	Fixed 5.8.7-10ubuntu1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-222-2
Perl vulnerability
13 December 2005

USN-222-1
Perl vulnerability
2 December 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-3962