oss-sec mailing list archives
Re: CVE request:Perl bug #48156
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 24 Apr 2008 21:43:53 +0200
* Steven M. Christey:
removing vendor-sec just in case, since oss-security is archived. ====================================================== Name: CVE-2008-1927 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927 Reference: MISC:http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
Oops, I think this is a heap overflow, not a double-free vulnerability. The GNU libc error message which is triggered by the heap corruption can be a bit misleading.
Current thread:
- CVE request:Perl bug #48156 Jonathan Smith (Apr 20)
- Re: CVE request:Perl bug #48156 Steven M. Christey (Apr 23)
- Re: CVE request:Perl bug #48156 Florian Weimer (Apr 24)
- Re: CVE request:Perl bug #48156 Steven M. Christey (Apr 23)