perl.perl5.porters

[perl #134325] Heap buffer overflow

From: Sawyer X via RT
Date: September 19, 2019 06:10
Subject: [perl #134325] Heap buffer overflow
Message ID: rt-4.0.24-4644-1568873438-576.134325-15-0@perl.org

On Sat, 31 Aug 2019 11:15:36 -0700, nguyenmanhdung1710@gmail.com wrote:
> Thanks for the patch. Do you think it is an exploitable bug? Can I request
> a CVE for this bug?

Hi,

I'm quoting Tony Cook here:

    All cases for both tickets are bad reads, either of freed memory, or
    beyond the end of a buffer.

    None of the reads result in returning data to a potential attacker
    that I can see.

    According to our usual criteria such reads aren't a security issue.

    Can an attacker craft a regexp with data at the offset 65535 point to
    do undesirable things?  Could they make the engine loop at regexp
    compile time or runtime so control isn't returned to the calling perl
    code?

    I'm not sure.

While we are looking into this, we would appreciate any help in proving this. If we can answer Tony's questions, we can discern better if this suits as a security issue.

---
via perlbug:  queue: perl5 status: pending release
https://rt.perl.org/Ticket/Display.html?id=134325


