[Bug 1187149] New: CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
bugzilla at redhat.com
Thu Jan 29 12:27:31 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1187149
            Bug ID: 1187149
           Summary: CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: cweyl at alumni.drew.edu, iarnell at gmail.com,
                    jplesnik at redhat.com, kasal at ucw.cz,
                    perl-devel at lists.fedoraproject.org,
                    perl-maint-list at redhat.com, ppisar at redhat.com,
                    psabata at redhat.com, rc040203 at freenet.de,
                    rmeggins at redhat.com, tcallawa at redhat.com
An integer underflow flaw was discovered in the way Perl parsed regular
expression backreferences. An attacker able to supply a crafted regular
expression to a Perl application could possibly use this flaw to crash that
application.

Reproducer:

    $ perl -e '/\7777777777/'
    Segmentation fault

Upstream issue:

https://rt.perl.org/Public/Bug/Display.html?id=119505

Upstream patch:

http://perl5.git.perl.org/perl.git/commitdiff/0c2990d652e985784f095bba4bc356481a66aa06
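
Added example, not part of the original bug report and not Perl's code: a simplified C model of how a decimal backreference number narrowed to a 32-bit signed integer turns negative and passes an upper-bound-only check, next to a range-checked parser. All function names and the capture-group count are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; a simplified model, not Perl's regcomp.c. */

/* Unchecked: keeps only the low 32 bits of the parsed number, which is what
 * an atoi()-style conversion into int commonly yields on LP64 platforms. */
int32_t parse_backref_unchecked(const char *digits)
{
    uint32_t low = (uint32_t)strtoull(digits, NULL, 10);
    int32_t n;
    memcpy(&n, &low, sizeof n);  /* reinterpret the bits, no undefined behaviour */
    return n;
}

/* Weak validation: only an upper bound, so a negative number is accepted. */
int upper_bound_only_ok(int32_t n, int32_t ngroups)
{
    return n <= ngroups;
}

/* Checked: returns 0 and stores the group number only when the digits form
 * a value in 1..ngroups; returns -1 for anything else, including overflow. */
int parse_backref_checked(const char *digits, int32_t ngroups, int32_t *out)
{
    char *end;
    unsigned long long v;

    if (ngroups < 0 || digits[0] < '0' || digits[0] > '9') return -1;
    errno = 0;
    v = strtoull(digits, &end, 10);
    if (*end != '\0' || errno == ERANGE) return -1;
    if (v == 0 || v > (unsigned long long)ngroups) return -1;
    *out = (int32_t)v;
    return 0;
}

int main(void)
{
    const char *digits = "7777777777";  /* digit string from the reproducer */
    int32_t n = parse_backref_unchecked(digits), g = 0;

    printf("unchecked: %d, weak check accepts: %d\n", (int)n, upper_bound_only_ok(n, 3));
    printf("checked parser returns: %d\n", parse_backref_checked(digits, 3, &g));
    return 0;
}
```

The negative value is the hazard: used as a capture-group index it points outside the group table, which is why the checked variant validates the full-width number before narrowing it.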