Your submission was sent successfully! Close

CVE-2014-4330

Published: 30 September 2014

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

Priority

Low

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
Upstream
Released (5.20.1-1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.18.2-2ubuntu1.1)
Patches:
Upstream: http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304