
CVE-2017-12837

Published: 12 Sep 2017
Source: redhat
CVSS3: 5.9

Description

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

A heap write buffer overflow was found in perl's S_regatom() function, which is used in the compilation of regular expressions, resulting in the crash of the perl interpreter. An attacker, able to provide a specially crafted regular expression, could cause a denial of service.

Report

This issue does not affect perl versions older than 5.18. Perl as shipped in Red Hat Enterprise Linux 7 and older is not affected by this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | perl | Not affected | | |
| Red Hat Enterprise Linux 6 | perl | Not affected | | |
| Red Hat Enterprise Linux 7 | perl | Not affected | | |
| Red Hat Software Collections | rh-perl520-perl | Will not fix | | |
| Red Hat Software Collections | rh-perl524-perl | Will not fix | | |


Additional information

Status: Low
Defect: CWE-122
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1492091 (perl: Heap buffer overflow in regular expression compiler)
CVSS3: 5.9 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 8 years ago

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

CVSS3: 7.5
nvd
more than 8 years ago

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

CVSS3: 7.5
debian
more than 8 years ago

Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...

CVSS3: 7.5
github
more than 3 years ago

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

suse-cvrf
about 8 years ago

Security update for perl
