[perl #134325] Heap buffer overflow

Sawyer X via RT
September 19, 2019 06:10
On Sat, 31 Aug 2019 11:15:36 -0700, wrote:
> Thanks for the patch. Do you think it is an exploitable bug? Can I request
> a CVE for this bug?


I'm quoting Tony Cook here:

    All cases for both tickets are bad reads, either of freed memory, or
    beyond the end of a buffer.

    None of the reads result in returning data to a potential attacker
    that I can see.

    According to our usual criteria such reads aren't a security issue.

    Can an attacker craft a regexp with data at the offset 65535 point to
    do undesirable things?  Could they make the engine loop at regexp
    compile time or runtime so control isn't returned to the calling perl

    I'm not sure.

While we are looking into this, we would appreciate any help in proving this. If we can answer Tony's questions, we can discern better if this suits as a security issue.

via perlbug:  queue: perl5 status: pending release