Date: Wed, 20 Apr 2016 11:18:32 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: CVE Request: perl: denial-of-service / Regexp-matching "hangs"
 indefinitely on illegal input using binmode :utf8 using 100%CPU

Hi

A bug in perl can cause regular expressions on malformed UTF8 inputs
to go into a forever loop and consume 100% CPU. The issue was found to
drive a real-world web application into an infinite loop.

The upstream bug report about this issue:

https://rt.perl.org/Public/Bug/Display.html?id=123562

Upstream commit:

http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
(which e.g. has been as well cherry-picked back to the maint-5.22
branch).

It was also reported in Debian as:

https://bugs.debian.org/821848

Could you assign a CVE for this issue?

Regards,
Salvatore
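
An added example, not part of the original message or of the upstream fix: one defensive pattern for applications that cannot upgrade perl immediately is to decode untrusted bytes strictly, so malformed UTF-8 is rejected before any pattern match runs. PerlIO's `:utf8` layer does not validate input, whereas `Encode::decode('UTF-8', ...)` with `FB_CROAK` does; the helper name `decode_strict` and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode FB_CROAK LEAVE_SRC);

# Hypothetical helper: strictly decode a byte string as UTF-8.
# Returns the decoded character string, or undef when the bytes are malformed.
# The lax ":utf8" layer would flag such bytes as characters without checking them;
# strict decoding croaks instead, and eval turns that into undef.
sub decode_strict {
    my ($bytes) = @_;
    my $text = eval { decode('UTF-8', $bytes, FB_CROAK | LEAVE_SRC) };
    return $text;
}

# Constructed sample inputs: two well-formed, three malformed.
my @samples = (
    [ 'valid ASCII'    => "hello world"   ],
    [ 'valid 2-byte'   => "caf\xC3\xA9"   ],
    [ 'truncated seq'  => "caf\xC3"       ],
    [ 'bad start byte' => "abc\xFFdef"    ],
    [ 'overlong form'  => "\xC0\xAF"      ],
);

for my $sample (@samples) {
    my ($label, $bytes) = @$sample;
    my $text = decode_strict($bytes);

    # Malformed input never reaches the regex engine.
    if (!defined $text) {
        print "$label: rejected (malformed UTF-8), regex not run\n";
        next;
    }

    # Only validated character strings are matched.
    my $hit = $text =~ /\w+/ ? 'match' : 'no match';
    print "$label: decoded, $hit\n";
}
```

When reading from a handle, read raw bytes (`binmode($fh, ':raw')`) and pass each record through the helper rather than relying on `:utf8`.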
