https://bugzilla.redhat.com/show_bug.cgi?id=1329106

Bug ID: 1329106
Summary: CVE-2015-8853 perl: regexp matching hangs indefinitely on illegal UTF-8 input
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@xxxxxxxxxx
Reporter: anemec@xxxxxxxxxx
CC: cweyl@xxxxxxxxxxxxxxx, iarnell@xxxxxxxxx, jorton@xxxxxxxxxx, jplesnik@xxxxxxxxxx, kasal@xxxxxx, mmaslano@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, perl-maint-list@xxxxxxxxxx, ppisar@xxxxxxxxxx, psabata@xxxxxxxxxx, rc040203@xxxxxxxxxx, rmeggins@xxxxxxxxxx, tcallawa@xxxxxxxxxx

A vulnerability was found in perl. The regex engine got into an infinite loop because of the malformation. It is trying to back-up over a sequence of UTF-8 continuation bytes. The character just before the sequence should be a start byte. If it's not, there is a malformation which results in "hang" of regexp matching and CPU exhaustion.
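
An added example, not taken from the bug report or from Perl's source: a bounded way to step backwards over UTF-8 continuation bytes that reports a malformation instead of continuing to loop when no start byte precedes them. The function names are hypothetical, and the check covers byte structure only (it does not reject overlong forms or surrogates).

```c
#include <stddef.h>

/* A UTF-8 continuation byte has the bit pattern 10xxxxxx. */
static int is_continuation(unsigned char b) { return (b & 0xC0) == 0x80; }

/* Sequence length announced by a start byte, or 0 if b cannot start one. */
static size_t announced_len(unsigned char b) {
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0; /* continuation byte, 0xC0/0xC1, or 0xF5..0xFF */
}

/*
 * Step back from pos to the first byte of the previous character.
 * Returns that pointer, or NULL when pos is at the buffer start or the
 * bytes before pos are malformed. The loop is bounded twice: it never
 * passes `start`, and it never steps back more than 4 bytes, the longest
 * legal UTF-8 sequence. (Hypothetical helper, not Perl's API.)
 */
const unsigned char *utf8_prev_char(const unsigned char *start,
                                    const unsigned char *pos) {
    const unsigned char *p = pos;
    size_t back = 0;
    if (pos <= start) return NULL;
    do {
        p--;
        back++;
    } while (p > start && back < 4 && is_continuation(*p));
    /* The byte we stopped on must be a start byte that announces
     * exactly the number of bytes we stepped over. */
    if (announced_len(*p) != back) return NULL;
    return p;
}

/* Walk a buffer backwards; returns the character count, or -1 on a
 * malformation. Every iteration either moves pos strictly toward buf
 * or returns, so the walk always terminates. */
long utf8_count_backward(const unsigned char *buf, size_t len) {
    const unsigned char *pos = buf + len;
    long n = 0;
    while (pos > buf) {
        pos = utf8_prev_char(buf, pos);
        if (pos == NULL) return -1;
        n++;
    }
    return n;
}
```
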