FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

perl -- multiple vulnerabilities

Affected packages
5.24.0 <= perl5 < 5.24.3
5.26.0 <= perl5 < 5.26.1

Details

VuXML ID: d9e82328-a129-11e7-987e-4f174049b30a
Discovery: 2017-09-19
Entry: 2017-09-24

SO-AND-SO reports:

CVE-2017-12814: $ENV{$key} stack buffer overflow on Windows

A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway.

CVE-2017-12837: Heap buffer overflow in regular expression compiler

Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed.

CVE-2017-12883: Buffer over-read in regular expression parser

For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed.

References

CVE Name: CVE-2017-12814
CVE Name: CVE-2017-12837
CVE Name: CVE-2017-12883
URL: https://metacpan.org/changes/release/SHAY/perl-5.24.3
URL: https://metacpan.org/changes/release/SHAY/perl-5.26.1