Date: Thu, 18 Aug 2011 10:58:44 -0600
From: Vincent Danen <>
Subject: CVE request: heap overflow in perl while decoding Unicode string

Does anyone know more about this flaw?  It's in perl and the Encode

! Unicode/Unicode.xs
   Addressed the following:
     Date: Fri, 22 Jul 2011 13:58:43 +0200
     From: Robert Zacek <>
     Subject: Unicode.xs!decode_xs n-byte heap-overflow

It's been fixed in perl:

Seems to be in all versions of perl since 5.10.0.

There isn't really information on the impact of this though.  I don't
know enough to determine whether this is something that can cause
arbitrary code execution, whether some gcc/glibc hardening prevents or
minimizes the impact, whether it's a crash-only, etc.  It has been asked
on the perl5-porters list, but no response was given:

Does anyone know anything more about this flaw?  Could a CVE be assigned
to it as well?


Vincent Danen / Red Hat Security Response Team 
