https://bugzilla.redhat.com/show_bug.cgi?id=1187149
Stefan Cornelius <scorneli(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |low
External Bug ID| |Debian BTS 776046
Whiteboard|impact=moderate,public=2015 |impact=low,public=20150123,
|0123,reported=20150127,sour |reported=20150127,source=os
|ce=oss-security,cvss2=4.3/A |s-security,cvss2=4.3/AV:N/A
|V:N/AC:M/Au:N/C:N/I:N/A:P,c |C:M/Au:N/C:N/I:N/A:P,cwe=CW
|we=CWE-190,fedora-all/perl= |E-190,fedora-all/perl=affec
|affected,rhel-5/perl=affect |ted,rhel-5/perl=affected,rh
|ed,rhel-6/perl=affected,rhe |el-6/perl=affected,rhel-7/p
|l-7/perl=affected,directory |erl=affected,directory_serv
|_server_8/perl=new |er_8/perl=affected
Severity|medium |low
--- Comment #3 from Stefan Cornelius <scorneli(a)redhat.com> ---
The code responsible for processing regular expression backreferences in
regcomp.c did not properly handle large digit strings. An attacker able to pass
specially crafted regular expressions containing large backreferences can
exploit this issue to e.g. cause an application crash due to an out-of-bounds
read caused by an array indexing error in the S_regmatch() function.
It's possible that this flaw may not affect 32bit platforms.
SUSE has previously fixed this via
http://marc.info/?l=opensuse-commit&m=121933719424130, although this patch is
different from the one used Perl upstream.
OSS post assigning the CVE:
http://www.openwall.com/lists/oss-security/2015/01/27/3
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=e0OeGtePcA&a=cc_unsubscribe