CVE-2010-1158
Published: 20 April 2010
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
Notes
Author | Note |
---|---|
mdeslaur | This is a denial of service issue that stems from the re engine being recursive. The engine was rewritten in 5.10, and the patch is intrusive so backporting it may be more trouble than it's worth. Marking as ignored for now since this is more a limitation in the engine design than a security issue. |
Priority
Status
Package | Release | Status |
---|---|---|
perl | dapper | Ignored |
perl | hardy | Ignored |
perl | intrepid | Not vulnerable (5.10.0-11.1ubuntu2.3) |
perl | jaunty | Not vulnerable (5.10.0-19ubuntu1.1) |
perl | karmic | Not vulnerable (5.10.0-24ubuntu4) |
perl | lucid | Not vulnerable (5.10.1-8ubuntu2) |
perl | upstream | Released (5.10.0) |

Patches: upstream: http://perl5.git.perl.org/perl.git/commitdiff/95b2444054