For your information.<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Jan Lieskovsky</b> <span dir="ltr">&lt;<a href="mailto:jlieskov@redhat.com">jlieskov@redhat.com</a>&gt;</span><br>
Date: 2010/4/8<br>Subject: [oss-security] CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)<br>To: "Steven M. Christey" &lt;<a href="mailto:coley@linus.mitre.org">coley@linus.mitre.org</a>&gt;<br>
Cc: oss-security &lt;<a href="mailto:oss-security@lists.openwall.com">oss-security@lists.openwall.com</a>&gt;<br><br><br>Hi Steve, vendors,<br>
<br>
1, wouldn't like to open a can of worms,<br>
2, but for the purpose of properly tracking it, requesting a CVE id for the<br>
following Perl regular expression engine issue:<br>
<br>
Bruce Merry reported:<br>
[1] <a href="http://bugs.gentoo.org/show_bug.cgi?id=313565" target="_blank">http://bugs.gentoo.org/show_bug.cgi?id=313565</a><br>
<br>
an integer overflow, leading to a stack overflow, in the way<br>
the Perl regular expression engine processed certain regular<br>
expression(s). A remote attacker could use this flaw to cause<br>
a denial of service (crash of an application using the<br>
Perl regular expression engine).<br>
<br>
Public PoC from [1]:<br>
--------------------<br>
perl -e 'if ((("a " x 100000) . "a\n") =~ /\A\S+(?: \S+)*\n\z/) {}'<br>
<br>
References:<br>
[2] <a href="http://bugs.gentoo.org/show_bug.cgi?id=313565" target="_blank">http://bugs.gentoo.org/show_bug.cgi?id=313565</a><br>
[3] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=580605" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=580605</a><br>
<br>
Affected Perl versions:<br>
Issue tested and confirmed in Perl versions v5.8.*.<br>
Versions of Perl v5.10.* are not affected by this.<br>
<br>
Steve, what's Mitre's opinion on cases like this --<br>
denial of service reachable via a certain regular expression?<br>
<br>
Should we track them on a per-issue basis? Or only for cases<br>
where more than a DoS is possible? (doesn't seem to be<br>
this case though).<br>
<br>
Thanks && Regards, Jan.<br><font color="#888888">
--<br>
Jan iankko Lieskovsky / Red Hat Security Response Team<br>
</font></div><br>
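The pattern in the PoC describes non-blank tokens joined by single spaces and ended by a newline. As an added example (not part of the forwarded message and not code from Perl or its maintainers), the same check can be written for v5.8.* without invoking the regular expression engine, so attacker-chosen line length never reaches it. The name is_token_line, the $MAX_LEN cap and the ASCII whitespace set are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed policy value, not from the original message: largest line accepted.
my $MAX_LEN = 1_048_576;

# Regex-free check for the grammar the PoC pattern /\A\S+(?: \S+)*\n\z/
# describes: non-blank tokens joined by single spaces, then one "\n".
# Assumption: ASCII input, where \s covers space, \t, \n, \r and \f.
sub is_token_line {
    my ($s) = @_;
    return 0 unless defined $s;
    my $len = length $s;
    return 0 if $len < 2 || $len > $MAX_LEN;      # shortest valid line is "a\n"
    return 0 unless substr($s, -1) eq "\n";       # must end with a newline
    my $body = substr($s, 0, $len - 1);
    return 0 if ($body =~ tr/\t\n\r\f//);         # whitespace other than space
    return 0 if substr($body, 0, 1) eq ' ';       # empty first token
    return 0 if substr($body, -1) eq ' ';         # empty last token
    return 0 if index($body, '  ') >= 0;          # empty middle token
    return 1;
}

# Constructed sample inputs, including one with the PoC's shape and size.
my @samples = (
    [ 'single token',        "a\n" ],
    [ 'three tokens',        "a b c\n" ],
    [ 'PoC-sized line',      ("a " x 100000) . "a\n" ],
    [ 'doubled space',       "a  b\n" ],
    [ 'leading space',       " a\n" ],
    [ 'tab separator',       "a\tb\n" ],
    [ 'missing newline',     "a b" ],
    [ 'embedded newline',    "a\nb\n" ],
    [ 'over the length cap', ("a" x $MAX_LEN) . "\n" ],
);

for my $sample (@samples) {
    my ($label, $input) = @$sample;
    printf "%-20s %s\n", $label, is_token_line($input) ? 'accept' : 'reject';
}
```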