develooper Front page | perl.perl5.porters | Postings from December 2017

[perl #131990] Heap-buffer-over-flow in Storable::retrieve thatcould lead to RCE

From:
Tony Cook via RT
Date:
December 15, 2017 03:16
Subject:
[perl #131990] Heap-buffer-over-flow in Storable::retrieve thatcould lead to RCE
Message ID:
rt-4.0.24-30925-1513307787-1841.131990-15-0@perl.org
On Wed, 29 Nov 2017 01:29:23 -0800, davem wrote:
> On Tue, Aug 29, 2017 at 09:25:54AM -0700, Nguyen Duc Manh wrote:
> > I found a RCE bug in Storable::retrieve.
> 
> This bug is still present in blead:
> 
>     $ valgrind ./perl -Ilib -e'use Storable; retrieve("/tmp/crafted1")'
>     ...
>     ==11265== Invalid write of size 1
> 
> 
> I don't know what the status of the various Storable WIP branches is,
> or whether any of them fix this issue.

As with the other Storable bug reported to the security this, we don't treat Storable issues as security issues, so I've moved this to the public queue.

This issue is fixed in my work-in-progress branch.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131990



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About