Bug 443928 (CVE-2008-1927) - CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
Summary: CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-1927
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On: 449319 449320 449321 449322 449323 449324 466966 466967
Blocks: 466968
TreeView+ depends on / blocked
 
Reported: 2008-04-24 07:10 UTC by Tomas Hoger
Modified: 2019-09-29 12:24 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-06-17 16:20:36 UTC


Attachments (Terms of Use)
Patch from DSA-1556-1 (8.06 KB, patch)
2008-04-25 06:54 UTC, Tomas Hoger
no flags Details | Diff
Test case extracted from Debian patch (400 bytes, text/plain)
2008-04-25 07:02 UTC, Tomas Hoger
no flags Details
Test case from Debian bug #454792 (250 bytes, text/plain)
2008-04-25 07:42 UTC, Tomas Hoger
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0522 0 normal SHIPPED_LIVE Important: perl security update 2008-06-11 19:20:00 UTC
Red Hat Product Errata RHSA-2008:0532 0 normal SHIPPED_LIVE Important: perl security update 2008-06-17 16:08:41 UTC
Red Hat Product Errata RHSA-2010:0602 0 normal SHIPPED_LIVE Moderate: Red Hat Certificate System 7.3 security update 2010-08-05 14:04:51 UTC

Description Tomas Hoger 2008-04-24 07:10:09 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1927 to the following vulnerability:

Double free vulnerability in Perl 5.8.8 allows context-dependent
attackers to cause a denial of service (memory corruption and crash)
via a crafted regular expression containing UTF8 characters.  NOTE:
this issue might only be present on certain operating systems.

References:
http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792

Comment 2 Tomas Hoger 2008-04-25 07:02:43 UTC
Created attachment 303746 [details]
Test case extracted from Debian patch

Comment 3 Tomas Hoger 2008-04-25 07:42:10 UTC
Created attachment 303751 [details]
Test case from Debian bug #454792

Comment 8 Fedora Update System 2008-04-29 20:58:48 UTC
perl-5.8.8-39.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2008-04-29 20:59:25 UTC
perl-5.8.8-29.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Johnny Hughes 2008-05-21 10:25:43 UTC
it seems that segfaults can be produced in RHEL-3, RHEL-4, and RHEL-5 with test
case attachment in #2.

Is this issue being addressed for RHEL?

Comment 15 errata-xmlrpc 2010-08-04 21:32:46 UTC
This issue has been addressed in following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html


Note You need to log in before you can comment on or make changes to this bug.