Search for vulnerabilities
Vulnerability details: VCID-wcfe-dr2j-aaaq
Vulnerability ID VCID-wcfe-dr2j-aaaq
Aliases CVE-2010-4777
Summary The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Status Published
Exploitability 2.0
Weighted Severity 3.9
Risk 7.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.05847 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.07597 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
epss 0.13574 https://api.first.org/data/v1/epss?cve=CVE-2010-4777
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2010-4777
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4777.json
https://api.first.org/data/v1/epss?cve=CVE-2010-4777
https://bugzilla.redhat.com/show_bug.cgi?id=694166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4777
https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
https://rt.perl.org/Public/Bug/Display.html?id=76538
628836 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*
CVE-2010-4777 https://nvd.nist.gov/vuln/detail/CVE-2010-4777
CVE-2010-4777;OSVDB-74745 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/35489.pl
CVE-2010-4777;OSVDB-74745 Exploit https://www.securityfocus.com/bid/47006/info
Data source Exploit-DB
Date added March 23, 2011
Description Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
Ransomware campaign use Known
Source publication date March 23, 2011
Exploit type dos
Platform multiple
Source update date Dec. 8, 2014
Source URL https://www.securityfocus.com/bid/47006/info
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4777
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.77508
EPSS Score 0.00530
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.