Message-ID: <1579872259.144003.1313783381867.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Fri, 19 Aug 2011 15:49:41 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: heap overflow in perl while decoding Unicode string

I'm going to assign this CVE-2011-2939. It looks like a single byte overflow.
It's probably not exploitable (even as a DoS), but to play it safe, I'm
assigning this ID.

Thanks.

--
JB

----- Original Message -----
> Does anyone know more about this flaw? It's in perl and the Encode
> module:
>
> http://cpansearch.perl.org/src/DANKOGAI/Encode-2.44/Changes
>
> ! Unicode/Unicode.xs
>   Addressed the following:
>     Date: Fri, 22 Jul 2011 13:58:43 +0200
>     From: Robert Zacek <zacek@...st.com>
>     To: perl5-security-report@...l.org
>     Subject: Unicode.xs!decode_xs n-byte heap-overflow
>
> It's been fixed in perl:
>
> http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
>
> Seems to be in all versions of perl since 5.10.0.
>
> There isn't really information on the impact of this though. I don't
> know enough to determine whether this is something that can cause
> arbitrary code execution, whether some gcc/glibc hardening prevents or
> minimizes the impact, whether it's a crash-only, etc. It has been asked
> on the perl5-porters list, but no response was given:
>
> http://permalink.gmane.org/gmane.comp.lang.perl.perl5.porters/98004
>
> Does anyone know anything more about this flaw? Could a CVE be assigned
> to it as well?
>
> Thanks.
>
> --
> Vincent Danen / Red Hat Security Response Team