oss-sec mailing list archives
CVE Request: perl: denial-of-service / Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 20 Apr 2016 11:18:32 +0200
Hi

A bug in perl can cause regular expressions on malformed UTF8 inputs to go into a forever loop and consume 100% CPU. The issue was found to drive a real-world web application into an infinite loop.

The upstream bug report about this issue:
https://rt.perl.org/Public/Bug/Display.html?id=123562

Upstream commit:
http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
(which e.g. has been as well cherry-picked back to the maint-5.22 branch).

It was also reported in Debian as:
https://bugs.debian.org/821848

Could you assign a CVE for this issue?

Regards,
Salvatore