CVE-2010-4777

Perl - Denial of Service via Crafted Regular Expression Input

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4777. PoCs published by Vladimir Perepelitsa.

AI-analyzed exploit summary This Perl script exploits CVE-2010-4777, a denial-of-service vulnerability in Perl's regular expression handling. It triggers a crash by manipulating UTF-8 strings and regex patterns, causing the application to abort.

Description

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Vladimir Perepelitsa · perldosmultiple
https://www.exploit-db.com/exploits/35489

This Perl script exploits CVE-2010-4777, a denial-of-service vulnerability in Perl's regular expression handling. It triggers a crash by manipulating UTF-8 strings and regex patterns, causing the application to abort.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Perl (versions affected by CVE-2010-4777)
No auth needed
Prerequisites: Perl environment vulnerable to CVE-2010-4777
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Various Sources x_refsource_confirm
https://rt.perl.org/Public/Bug/Display.html?id=76538
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=694166
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html

Scores

EPSS 0.0546
EPSS Percentile 90.4%

Details

CWE
CWE-20
Status published
Products (3)
perl/perl 5.10
perl/perl 5.12.0
perl/perl 5.14.0
Published Feb 10, 2014
Tracked Since Feb 18, 2026