CVE-2014-4330
EPSS 0.12%
Description
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
How to fix CVE-2014-4330
To remediate CVE-2014-4330, upgrade the affected package to the fixed version listed below.
- Debian/perl: upgrade to 5.20.1-1 or later
Is CVE-2014-4330 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.20.1-1