Numeric Errors

CVE-2011-2939

Medium

5.1/10

Summary

Off-by-one error in the "decode_xs" function in Unicode/Unicode.xs in the Encode distribution before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a Denial of Service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

Access Complexity: HIGH
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-189 - Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

References

Release Note

Advisory Timeline

Published Jan 13, 2012

Numeric Errors

CVE-2011-2939

Summary

CWE-189 - Numeric Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS