CVE-2015-8853

Published: 25 May 2016

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

Priority

Low

CVSS 3 base score: 7.5

Status

Package: perl (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (5.22.1-1)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (5.22.1-9)
Ubuntu 14.04 ESM (Trusty Tahr): Released (5.18.2-2ubuntu1.4)
Patches:
Upstream: https://perl5.git.perl.org/perl.git/commit/22b433eff9a1ffa2454e18405a56650f07b385b5
Upstream: https://perl5.git.perl.org/perl.git/commit/d820a0ff34c7df39297a54193fd756bb42c5c06e