CVE-2014-4330
LOW severity · CVSS 2.1 · Memory corruption
Summary
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an array reference containing many nested array references, which triggers a large number of recursive calls to the DD_dump function. "Context-dependent" means the bug is only reachable where an attacker controls the shape of a structure that the application later hands to Dumper, for example data deserialized from JSON or YAML and then written to a debug log.
Impact & exploitability
CVSS v2 vector: AV:L/AC:L/Au:N/C:N/I:N/A:P (the record is scored under CVSS v2 only; no v3 metrics are published for it)
Attack vector: Local
Attack complexity: Low
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
Exploit probability (EPSS): 1%
Affected products we track (1)
Recommendation
Upgrade Data::Dumper to 2.154 or later, or install your distribution's package that backports the fix, in your normal patch cycle; open any affected product above for its exact safe version. The fixed version does not make deep structures dumpable: it adds $Data::Dumper::Maxrecurse (a depth ceiling, 1000 by default) and makes Dumper die when that depth is exceeded instead of overflowing the C stack. Code that dumps attacker-influenced data therefore still needs to call Dumper inside an eval (or an equivalent exception guard), otherwise the crash becomes an uncaught die with the same availability effect.
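The following is an added example, not code from the advisory or from the Data::Dumper distribution. It shows the hardening a practitioner wants around Dumper when the input shape is untrusted: an iterative depth check (an explicit stack, so the checker cannot itself recurse off the C stack), a local Maxrecurse ceiling for fixed versions, and an eval around the call. The 200-level ceiling and the helper names are assumptions chosen for illustration. The "hostile" input is a constructed instance of the shape the summary describes, an array reference wrapping many nested array references.

```perl
#!/usr/bin/env perl
# Added example: dump data of untrusted shape without letting nesting
# depth take the process down (CVE-2014-4330 is reachable only through
# attacker-shaped structures handed to Dumper).
use strict;
use warnings;
use Data::Dumper;
use Scalar::Util qw(reftype);

# Measure nesting depth iteratively. An explicit stack means this checker
# cannot reproduce the bug it guards against. It bails out as soon as the
# limit is exceeded, which also bounds the walk on cyclic structures.
sub nesting_depth {
    my ($root, $limit) = @_;
    my $max   = 0;
    my @stack = ([ $root, 1 ]);
    while (my $item = pop @stack) {
        my ($node, $depth) = @$item;
        $max = $depth if $depth > $max;
        return $max if $max > $limit;          # over the ceiling: stop early
        my $type = reftype($node) // '';       # underlying type, even if blessed
        my @children;
        if    ($type eq 'ARRAY')                    { @children = @$node }
        elsif ($type eq 'HASH')                     { @children = values %$node }
        elsif ($type eq 'REF' || $type eq 'SCALAR') { @children = ($$node) }
        push @stack, [ $_, $depth + 1 ] for grep { ref $_ } @children;
    }
    return $max;
}

# Dump with an explicit recursion ceiling (assumed default: 200 levels).
# On Data::Dumper >= 2.154 $Data::Dumper::Maxrecurse is enforced by the
# module and Dumper dies past it; on older versions the variable is
# ignored, so the pre-check above is the only thing protecting the stack.
sub safe_dump {
    my ($data, $limit) = @_;
    $limit //= 200;
    my $depth = nesting_depth($data, $limit);
    return "<<refused: nesting depth exceeds $limit>>\n" if $depth > $limit;

    local $Data::Dumper::Maxrecurse = $limit;  # no effect before 2.154
    local $Data::Dumper::Indent     = 1;
    my $out = eval { Dumper($data) };          # fixed versions die, not crash
    return defined $out ? $out : "<<Dumper failed: $@>>\n";
}

# Constructed inputs: a benign structure, and the advisory's trigger shape.
my $shallow = { user => 'alice', roles => [ 'admin', [ 'ops' ] ] };
my $hostile = [];
$hostile = [ $hostile ] for 1 .. 100_000;    # 100 001 nested array refs

print safe_dump($shallow);
print safe_dump($hostile);
```

Running this on an unpatched Data::Dumper prints the shallow structure and the refusal message rather than segfaulting; on 2.154 or later the pre-check still refuses first, and if it were removed the eval would catch Dumper's recursion-limit die instead. Pick the ceiling from what your own data legitimately needs, not from the library default.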
Additional information
- NVD record
- http://advisories.mageia.org/MGASA-2014-0406.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html
- http://secunia.com/advisories/61441
- http://secunia.com/advisories/61961
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:136
- http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html (exploit)
- http://seclists.org/fulldisclosure/2014/Sep/84 (exploit)
- http://seclists.org/oss-sec/2014/q3/692 (exploit)