[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
bugzilla at redhat.com
bugzilla at redhat.com
Thu Mar 5 13:15:41 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1187149
Stefan Cornelius <scorneli at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |low
External Bug ID| |Debian BTS 776046
Whiteboard|impact=moderate,public=2015 |impact=low,public=20150123,
|0123,reported=20150127,sour |reported=20150127,source=os
|ce=oss-security,cvss2=4.3/A |s-security,cvss2=4.3/AV:N/A
|V:N/AC:M/Au:N/C:N/I:N/A:P,c |C:M/Au:N/C:N/I:N/A:P,cwe=CW
|we=CWE-190,fedora-all/perl= |E-190,fedora-all/perl=affec
|affected,rhel-5/perl=affect |ted,rhel-5/perl=affected,rh
|ed,rhel-6/perl=affected,rhe |el-6/perl=affected,rhel-7/p
|l-7/perl=affected,directory |erl=affected,directory_serv
|_server_8/perl=new |er_8/perl=affected
Severity|medium |low
--- Comment #3 from Stefan Cornelius <scorneli at redhat.com> ---
The code responsible for processing regular expression backreferences in
regcomp.c did not properly handle large digit strings. An attacker able to pass
specially crafted regular expressions containing large backreferences can
exploit this issue to e.g. cause an application crash due to an out-of-bounds
read caused by an array indexing error in the S_regmatch() function.
It's possible that this flaw may not affect 32bit platforms.
SUSE has previously fixed this via
http://marc.info/?l=opensuse-commit&m=121933719424130, although this patch is
different from the one used Perl upstream.
OSS post assigning the CVE:
http://www.openwall.com/lists/oss-security/2015/01/27/3
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=e0OeGtePcA&a=cc_unsubscribe
More information about the perl-devel
mailing list