[Bug 1187149] New: CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference

bugzilla at redhat.com bugzilla at redhat.com
Thu Jan 29 12:27:31 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1187149

            Bug ID: 1187149
           Summary: CVE-2013-7422 perl: segmentation fault in S_regmatch
                    on negative backreference
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: cweyl at alumni.drew.edu, iarnell at gmail.com,
                    jplesnik at redhat.com, kasal at ucw.cz,
                    perl-devel at lists.fedoraproject.org,
                    perl-maint-list at redhat.com, ppisar at redhat.com,
                    psabata at redhat.com, rc040203 at freenet.de,
                    rmeggins at redhat.com, tcallawa at redhat.com



An integer underflow flaw was discovered in the way Perl parsed regular
expression backreferences. An attacker able to supply a crafted regular
expression to a Perl application could possibly use this flaw to crash that
application.

Reproducer:

$ perl -e '/\7777777777/'
Segmentation fault

Upstream issue:

https://rt.perl.org/Public/Bug/Display.html?id=119505

Upstream patch:

http://perl5.git.perl.org/perl.git/commitdiff/0c2990d652e985784f095bba4bc356481a66aa06
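
The class of flaw described above, shown as an added C example (not Perl's source and not the upstream patch): a decimal backreference number converted without a range check wraps to a negative value, next to a conversion that rejects it. The function names are hypothetical, and the sketch assumes the group number is held in a 32-bit signed integer.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; this is not Perl's regcomp.c. */

/* Unchecked conversion: models a 32-bit signed accumulator that wraps.
 * The arithmetic is done in uint32_t so the wrap is well-defined C. */
static int32_t parse_ref_unchecked(const char *s)
{
    uint32_t acc = 0;
    while (isdigit((unsigned char)*s))
        acc = acc * 10u + (uint32_t)(*s++ - '0');
    /* Reinterpret the bits as two's complement. */
    if (acc <= (uint32_t)INT32_MAX)
        return (int32_t)acc;
    return -(int32_t)(UINT32_MAX - acc) - 1;
}

/* Checked conversion: returns 0 and stores the group number on success,
 * -1 if there are no digits, the value would overflow an int, or it
 * names a group outside 1..ngroups. */
static int parse_ref_checked(const char *s, int ngroups, int *out)
{
    int n = 0;
    if (!isdigit((unsigned char)*s))
        return -1;
    for (; isdigit((unsigned char)*s); s++) {
        int d = *s - '0';
        if (n > (INT_MAX - d) / 10)   /* n * 10 + d would overflow */
            return -1;
        n = n * 10 + d;
    }
    if (n < 1 || n > ngroups)         /* never index outside the captures */
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    const char *digits = "7777777777"; /* digits from the reproducer */
    int group = 0;
    printf("unchecked: %d\n", (int)parse_ref_unchecked(digits));
    printf("checked:   %s\n",
           parse_ref_checked(digits, 9, &group) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A negative group number used as an index into the capture table reads outside it, which is why the checked version validates the range before the value is ever used.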
