Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

Related bugs and status

CVE-2017-12883 (Candidate) is related to these bugs:

Bug #1717367: FTBFS: segfaults in testsuite with perl 5.26.0-7

		In	Importance	Status
1717367	FTBFS: segfaults in testsuite with perl 5.26.0-7	libanyevent-perl (Ubuntu)	Undecided	Invalid
1717367	FTBFS: segfaults in testsuite with perl 5.26.0-7	perl (Ubuntu)	Undecided	Fix Released
1717367	FTBFS: segfaults in testsuite with perl 5.26.0-7	glibc (Ubuntu)	Undecided	Invalid
1717367	FTBFS: segfaults in testsuite with perl 5.26.0-7	glibc (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
CONFIRM: https://perl5.git.perl...
CONFIRM: https://perl5.git.perl...
CONFIRM: https://perl5.git.perl...
BID: 100852
CONFIRM: http://mirror.cucumber...
CONFIRM: https://rt.perl.org/Pu...
DEBIAN: DSA-3982
CONFIRM: https://security.netap...
MISC: https://www.oracle.com...