Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-8853

Published: 25 May 2016

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
artful Not vulnerable
(5.22.1-9)
precise
Released (5.14.2-6ubuntu2.7)
trusty
Released (5.18.2-2ubuntu1.4)
upstream
Released (5.22.1-1)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(5.22.1-9)
yakkety Not vulnerable
(5.22.1-9)
zesty Not vulnerable
(5.22.1-9)
Patches:
upstream: https://perl5.git.perl.org/perl.git/commit/22b433eff9a1ffa2454e18405a56650f07b385b5
upstream: https://perl5.git.perl.org/perl.git/commit/d820a0ff34c7df39297a54193fd756bb42c5c06e