
[perl #131999] Heap-buffer-over-flow in Storable.xs:retrieve_hook that could lead to RCE

From: Tony Cook via RT
Date: August 6, 2019 04:54
Subject: [perl #131999] Heap-buffer-over-flow in Storable.xs:retrieve_hook that could lead to RCE
Message ID: rt-4.0.24-7679-1565067244-227.131999-15-0@perl.org

On Wed, 13 Dec 2017 14:47:23 -0800, tonyc wrote:
> On Tue, 10 Oct 2017 21:27:59 -0700, tonyc wrote:
> > On Tue, Oct 10, 2017 at 08:48:39PM -0700, Nguyen Duc Manh wrote:
> > > # New Ticket Created by Nguyen Duc Manh
> > > # Please include the string: [perl #132264]
> > > # in the subject line of all future correspondence about this issue.
> > > # <URL: https://rt.perl.org/Ticket/Display.html?id=132264 >
> > > 
> > > 
> > > Hello,
> > > I haven't received your reply for this please?
> > 
> > Sorry for not replying earlier, I've been busy with another project
> > and I guess everyone else is busy too.
> > 
> > We don't support feeding arbitrary or untrusted storable dumps to
> > Storable.
> > 
> > Feeding untrusted data to Storable can lead to much simpler and worse
> > vulnerabilities.
> 
> This isn't a security issue, but it is a bug.
> 
> I've moved it to the public queue.
> 
> I have a fix for it in my working Storable branch.

This was merged into blead as 0079d24564f1f4a127cd1d78827adcab12ee3a33 and included in perl 5.28.

Thanks for the report.

Closing.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131999
