https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Stefan Cornelius <scorneli@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |low External Bug ID| |Debian BTS 776046 Whiteboard|impact=moderate,public=2015 |impact=low,public=20150123, |0123,reported=20150127,sour |reported=20150127,source=os |ce=oss-security,cvss2=4.3/A |s-security,cvss2=4.3/AV:N/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |C:M/Au:N/C:N/I:N/A:P,cwe=CW |we=CWE-190,fedora-all/perl= |E-190,fedora-all/perl=affec |affected,rhel-5/perl=affect |ted,rhel-5/perl=affected,rh |ed,rhel-6/perl=affected,rhe |el-6/perl=affected,rhel-7/p |l-7/perl=affected,directory |erl=affected,directory_serv |_server_8/perl=new |er_8/perl=affected Severity|medium |low --- Comment #3 from Stefan Cornelius <scorneli@xxxxxxxxxx> --- The code responsible for processing regular expression backreferences in regcomp.c did not properly handle large digit strings. An attacker able to pass specially crafted regular expressions containing large backreferences can exploit this issue to e.g. cause an application crash due to an out-of-bounds read caused by an array indexing error in the S_regmatch() function. It's possible that this flaw may not affect 32bit platforms. SUSE has previously fixed this via http://marc.info/?l=opensuse-commit&m=121933719424130, although this patch is different from the one used Perl upstream. OSS post assigning the CVE: http://www.openwall.com/lists/oss-security/2015/01/27/3 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=e0OeGtePcA&a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
