oss-sec mailing list archives
CVE request: Digest::SHA double free when using load subroutine
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 15 Jan 2013 10:32:21 +0100
Hi
The following was fixed in Digest-SHA Perl module in Version 5.81:
    5.81  Mon Jan 14 05:17:08 MST 2013
        - corrected load subroutine (SHA.pm) to prevent double-free
            -- Bug #82655: Security issue - segfault
            -- thanks to Victor Efimov and Nicholas Clark
                for technical expertise and suggestions
Upstream bug report is: https://rt.cpan.org/Public/Bug/Display.html?id=82655
Diff: https://metacpan.org/diff/release/MSHELOR/Digest-SHA-5.80/MSHELOR/Digest-SHA-5.81
A reproducer is given in the upstream bug report. Does this warrant a
CVE? (It's at least a DoS).
Regards,
Salvatore
