Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Perl | Perl | 5.8.1 (including) | 5.8.1 (including) |
| Perl | Perl | 5.8.2 (including) | 5.8.2 (including) |
| Perl | Perl | 5.8.3 (including) | 5.8.3 (including) |
| Perl | Perl | 5.8.4 (including) | 5.8.4 (including) |
| Perl | Perl | 5.8.5 (including) | 5.8.5 (including) |
| Perl | Perl | 5.8.6 (including) | 5.8.6 (including) |
| Perl | Perl | 5.8.7 (including) | 5.8.7 (including) |
| Perl | Perl | 5.8.8 (including) | 5.8.8 (including) |
| Perl | Perl | 5.8.9 (including) | 5.8.9 (including) |
| Perl | Ubuntu | dapper | * |
| Perl | Ubuntu | hardy | * |
| Perl | Ubuntu | upstream | * |
References
- http://bugs.gentoo.org/show_bug.cgi?id=313565
- http://perldoc.perl.org/perl5100delta.html
- http://secunia.com/advisories/55314
- http://www.openwall.com/lists/oss-security/2010/04/08/9
- http://www.openwall.com/lists/oss-security/2010/04/14/3
- https://bugzilla.redhat.com/show_bug.cgi?id=580605
- http://bugs.gentoo.org/show_bug.cgi?id=313565
- http://perldoc.perl.org/perl5100delta.html
- http://secunia.com/advisories/55314
- http://www.openwall.com/lists/oss-security/2010/04/08/9
- http://www.openwall.com/lists/oss-security/2010/04/14/3
- https://bugzilla.redhat.com/show_bug.cgi?id=580605