Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-4330

Disclosure Date: September 30, 2014
CVE-2014-4330
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • data dumper project,
  • perl

Products

  • data dumper,
  • perl

References

Canonical
CVE-2014-4330 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330)
BID-70142 (http://www.securityfocus.com/bid/70142)
Advisory
20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (http://www.securityfocus.com/archive/1/533543/100/0/threaded)
SECUNIA-61441 (http://secunia.com/advisories/61441)
FEDORA-2014-11453 (http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:136
https://metacpan.org/pod/distribution/Data-Dumper/Changes
https://www.lsexperts.de/advisories/lse-2014-06-10.txt
XF-perl-cve20144330-dos(96216) (https://exchange.xforce.ibmcloud.com/vulnerabilities/96216)
[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead (http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
USN-2916-1 (http://www.ubuntu.com/usn/USN-2916-1)
20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (http://seclists.org/fulldisclosure/2014/Sep/84)
http://advisories.mageia.org/MGASA-2014-0406.html
SECUNIA-61961 (http://secunia.com/advisories/61961)
[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (http://seclists.org/oss-sec/2014/q3/692)
Miscellaneous
http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis