VDB
CVE-2017-12814
CVE-2017-12814
PUBLISHED
CVSS 7.5 HIGH
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
EPSS 5.69% · 90.6th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
5.69%
90.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| perl | perl | 0, 5.26.0 |
| n/a | n/a | n/a |
Exploit Intelligence
- https://rt.perl.org/Public/Bug/Display.html?id=131665 (nist-nvd)
- Perl $ENV Key Stack Buffer Overflow (hackerone)
- Perl $ENV Key Stack Buffer Overflow (hackerone)
- Perl $ENV Key Stack Buffer Overflow (hackerone)
- 101051 (circl)
- https://www.oracle.com/security-alerts/cpujul2020.html (circl)
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 (circl)
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 (circl)
- https://security.netapp.com/advisory/ntap-20180426-0001/ (circl)
Timeline
- CVE Published
- Nov 12, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 12, 2025 EPSS Score
References
- 101051 vdb
- https://www.oracle.com/security-alerts/cpujul2020.html url
- https://rt.perl.org/Public/Bug/Display.html?id=131665 url
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 url
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 url
- https://security.netapp.com/advisory/ntap-20180426-0001/ url
- https://nvd.nist.gov/vuln/detail/CVE-2017-12814 advisory
- https://security.netapp.com/advisory/ntap-20180426-0001 url