Date: Thu, 24 Apr 2008 21:43:53 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: "Steven M. Christey" <coley@...us.mitre.org> Cc: Jonathan Smith <smithj@...ethemallocs.com>, oss-security@...ts.openwall.com Subject: Re: CVE request:Perl bug #48156 * Steven M. Christey: > removing vendor-sec just in case, since oss-security is archived. > > ====================================================== > Name: CVE-2008-1927 > Status: Candidate > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927 > Reference: MISC:http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 > Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 > > Double free vulnerability in Perl 5.8.8 allows context-dependent > attackers to cause a denial of service (memory corruption and crash) > via a crafted regular expression containing UTF8 characters. NOTE: > this issue might only be present on certain operating systems. Oops, I think this is a heap overflow, not a double-free vulnerability. The GNU libc error message which is triggered by the heap corruption can be a bit misleading.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.