CVE-2005-3962
perl - integer overflow
EPSS 0.89%
Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
How to fix CVE-2005-3962
To remediate CVE-2005-3962, upgrade the affected package to a fixed version below.
- Debian/perl—upgrade to 5.8.7-9 or later
- Debian/perl—upgrade to 5.8.4-8sarge3 or later
Is CVE-2005-3962 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.8.7-9
- from 0, < 5.8.4-8sarge3