CVE-2007-5116

Summary

CVE	CVE-2007-5116
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-11-07 23:46:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Risk And Classification

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem Types: CWE-119 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	3.1	All	All	All
Operating System	Debian	Debian Linux	4.0	All	All	All
Operating System	Debian	Debian Linux	4.0	All	alpha	All
Operating System	Debian	Debian Linux	4.0	All	amd64	All
Operating System	Debian	Debian Linux	4.0	All	arm	All
Operating System	Debian	Debian Linux	4.0	All	hppa	All
Operating System	Debian	Debian Linux	4.0	All	ia-32	All
Operating System	Debian	Debian Linux	4.0	All	ia-64	All
Operating System	Debian	Debian Linux	4.0	All	m68k	All
Operating System	Debian	Debian Linux	4.0	All	mips	All
Operating System	Debian	Debian Linux	4.0	All	mipsel	All
Operating System	Debian	Debian Linux	4.0	All	powerpc	All
Operating System	Debian	Debian Linux	4.0	All	s390	All
Operating System	Debian	Debian Linux	4.0	All	sparc	All
Application	Larry Wall	Perl	5.8.0	All	All	All
Application	Larry Wall	Perl	5.8.1	All	All	All
Application	Larry Wall	Perl	5.8.3	All	All	All
Application	Larry Wall	Perl	5.8.4	All	All	All
Application	Larry Wall	Perl	5.8.4.1	All	All	All
Application	Larry Wall	Perl	5.8.4.2	All	All	All
Application	Larry Wall	Perl	5.8.4.2.3	All	All	All
Application	Larry Wall	Perl	5.8.4.3	All	All	All
Application	Larry Wall	Perl	5.8.4.4	All	All	All
Application	Larry Wall	Perl	5.8.4.5	All	All	All
Application	Larry Wall	Perl	5.8.6	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2007.1	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux	2008.0	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	3.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	3.0	All	x86_64	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	4.0	All	All	All
Operating System	Mandrakesoft	Mandrake Linux Corporate Server	4.0	All	x86_64	All
Application	Mandrakesoft	Mandrake Multi Network Firewall	2.0	All	All	All
Application	Openpkg	Openpkg	current	All	All	All
Operating System	Redhat	Enterprise Linux	3.0	All	as	All
Operating System	Redhat	Enterprise Linux	3.0	All	es	All
Operating System	Redhat	Enterprise Linux	3.0	All	ws	All
Operating System	Redhat	Enterprise Linux	4.0	All	as	All
Operating System	Redhat	Enterprise Linux	4.0	All	es	All
Operating System	Redhat	Enterprise Linux	4.0	All	ws	All
Operating System	Redhat	Enterprise Linux	5.0	All	client	All
Operating System	Redhat	Enterprise Linux	5.0	All	server	All
Operating System	Redhat	Enterprise Linux	1.0	All	application_stack	All
Operating System	Redhat	Enterprise Linux Desktop	3.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	4.0	All	All	All
Operating System	Redhat	Linux Advanced Workstation	2.1	All	ia64	All
Operating System	Redhat	Linux Advanced Workstation	2.1	All	itanium_processor	All
Operating System	Rpath	Rpath Linux	1	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
sunsolve.sun.com/search/document.do	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
Mandriva update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Red Hat update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
VMSA-2008-0001.1 - VMware	af854a3a-2127-422b-91ae-364da2661108	www.vmware.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
IPCop update for perl - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
marc.info	af854a3a-2127-422b-91ae-364da2661108	marc.info
US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	US Government Resource
Avaya Products Perl Regular Expressions Unicode Data Buffer Overflow - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Debian -- Security Information -- DSA-1400-1 perl	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
rPath update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Support / Security / Advisories / / MDKSA-2007:207 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com	Patch
#231524: Security Vulnerability in Solaris 10 Perl 5.8	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
IBM notice: The page you requested cannot be displayed	af854a3a-2127-422b-91ae-364da2661108	www-1.ibm.com
OpenPKG Corporation: Security: Security Advisories	af854a3a-2127-422b-91ae-364da2661108	www.openpkg.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
323571 – (CVE-2007-5116) CVE-2007-5116 perl regular expression UTF parsing errors	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
VMware ESX Server Multiple Security Updates - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
APPLE-SA-2007-12-17 Security Update 2007-009	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
About Security Update 2007-009	af854a3a-2127-422b-91ae-364da2661108	docs.info.apple.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
IBM AIX Perl Regular Expressions Unicode Data Buffer Overflow - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Gentoo Linux Documentation -- Perl: Buffer overflow	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org
[Security-announce] VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages	af854a3a-2127-422b-91ae-364da2661108	lists.vmware.com
Perl Regular Expressions Unicode Data Buffer Overflow - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
HP Tru64 UNIX Perl Regular Expressions Vulnerability - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
aix.software.ibm.com/aix/efixes/security/README	af854a3a-2127-422b-91ae-364da2661108	aix.software.ibm.com
Fedora update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
USN-552-1: Perl vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Gentoo update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Ubuntu update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
SUSE Update for Multiple Packages - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
SecurityTracker.com Archives - Perl Regex Processing Bug May Let Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
378131 – CVE-2007-5116 perl regular expression UTF parsing errors [f7]	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
sunsolve.sun.com/search/document.do	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
issues.rpath.com/browse/RPL-1813	af854a3a-2127-422b-91ae-364da2661108	issues.rpath.com
Perl Unicode Regular Expression Buffer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
IBM IZ10220: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 5200-10 - United States	af854a3a-2127-422b-91ae-364da2661108	www-1.ibm.com
Solaris 10 Perl Regular Expressions Unicode Data Buffer Overflow - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
ASA-2008-014 (RHSA-2007-0966)	af854a3a-2127-422b-91ae-364da2661108	support.avaya.com
IPCop 1.4.21 released :: IPCop.org :: The bad packets stop here!	af854a3a-2127-422b-91ae-364da2661108	www.ipcop.org
Security Announcement	af854a3a-2127-422b-91ae-364da2661108	www.novell.com
Debian update for perl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.