oss-sec mailing list archives

CVE request: heap overflow in perl while decoding Unicode string


From: Vincent Danen <vdanen () redhat com>
Date: Thu, 18 Aug 2011 10:58:44 -0600

Does anyone know more about this flaw?  It's in perl and the Encode
module:

http://cpansearch.perl.org/src/DANKOGAI/Encode-2.44/Changes

! Unicode/Unicode.xs
  Addressed the following:
    Date: Fri, 22 Jul 2011 13:58:43 +0200
    From: Robert Zacek <zacek () avast com>
    To: perl5-security-report () perl org
    Subject: Unicode.xs!decode_xs n-byte heap-overflow

It's been fixed in perl:

http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5

Seems to be in all versions of perl since 5.10.0.

There isn't really information on the impact of this though.  I don't
know enough to determine whether this is something that can cause
arbitrary code execution, whether some gcc/glibc hardening prevents or
minimizes the impact, whether it's a crash-only, etc.  It has been asked
on the perl5-porters list, but no response was given:

http://permalink.gmane.org/gmane.comp.lang.perl.perl5.porters/98004

Does anyone know anything more about this flaw?  Could a CVE be assigned
to it as well?

Thanks.

--
Vincent Danen / Red Hat Security Response Team
