develooper Front page | perl.perl5.porters | Postings from August 2018

[perl #133238] [FG-VD-18-095] Perl Memory Corruption VulnerabilityNotification

From:
Tony Cook via RT
Date:
August 9, 2018 01:10
Subject:
[perl #133238] [FG-VD-18-095] Perl Memory Corruption VulnerabilityNotification
Message ID:
rt-4.0.24-27499-1533777040-1140.133238-15-0@perl.org
On Thu, 31 May 2018 16:22:05 -0700, tonyc wrote:
> On Thu, May 31, 2018 at 02:24:18PM -0700, secresearch wrote:
> > The following information pertains to information discovered by
> > Fortinet's
> > FortiGuard Labs. It has been determined that a vulnerability exists
> > in Perl.
> > To streamline the disclosure process, we have created a preliminary
> > advisory
> > which you can find below. This upcoming advisory is purely intended
> > as a
> > reference, and does not contain sensitive information such as proof
> > of
> > concept code.
> 
> This is a stack overflow from parsing a regular expression with deeply
> nested groups, ie:
> 
> /<!--. ?-
> K\s((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((...
> 
> This is only exploitable as a denial of service (it crashes perl).
> 
> We've had this reported to the security list twice before and haven't
> treated it as a security issue.

Also now public and merging into 132609.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=133238



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About