Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Apr 2016 11:18:32 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: CVE Assignments MITRE <>
Subject: CVE Request: perl: denial-of-service / Regexp-matching "hangs"
 indefinitely on illegal input using binmode :utf8 using 100%CPU


A bug in perl can cause regular expressions an malformed UTF8 inputs
to go into a forever loop and consume 100% CPU. The issue was found to
drive a realworld web application into an infinite loop"

The Upstream bugreport about this issue:

Upstream commit:
(which e.g. has been as well cherry-picked back to the maint-5.22

It as well was reported in Debian as:

Could you assign a CVE for this issue?


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ