Red Hat Bugzilla – Bug 912276
CVE-2013-1667 perl: DoS in rehashing code
Last modified: 2015-07-31 07:35:28 EDT
A denial of service flaw was found in the way Perl's rehashing code implementation (responsible for recalculation of hash keys and redistribution of hash content) used to react on certain user's input. If a Perl language based application accepted untrusted user input as hash keys, an attacker could use this flaw to cause the perl executable to consume excessive amount of memory (a denial of service via memory exhaustion).
Created attachment 698789 [details]
Proposed upstream patch against perl-5.8.5 version
Created attachment 698790 [details]
Proposed upstream patch against perl-5.8.8 version
Created attachment 698791 [details]
Proposed upstream patch against perl-5.10.1 version
Created attachment 698792 [details]
Proposed upstream patch against perl-5.12.5 version
Created attachment 698793 [details]
Proposed upstream patch against perl-5.14.3 version
Created attachment 698794 [details]
Proposed upstream patch against perl-5.16.2 version
Red Hat would like to thank Perl project for reporting this issue. Upstream acknowledges Yves Orton as the original issue reporter.
This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the perl package, as shipped with Fedora release of 17 and 18.
Created attachment 705064 [details]
Upstream 5.8.8 patch ported to RHEL-5 perl
This is now corrected upstream:
Prevent premature hsplit() calls, and only trigger REHASH after hsplit():
Created perl tracking bugs for this issue
Affects: fedora-all [bug 918008]
perl-5.16.2-240.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html
perl-5.14.4-224.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.