CVE-2017-12837Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow10 documents8 sources
Severity
7.5HIGHNVD
EPSS
3.2%
top 13.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PerlDebian PerlApple Macos High Sierra 10.13.2 Security Update 2017-002 Sierra AND Security Update 20
Timeline
PublishedSep 19
Latest updateMay 13

Description

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

debiandebian/perl< perl 5.26.0-8 (bookworm)
Debianperl/perl< 5.26.0-8+3
Ubuntuperl/perl< 5.18.2-2ubuntu1.3+1
NVDperl/perl5.24.2+1

Patches

Patch: bugzilla.redhat.comPatch: perl5.git.perl.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-q52c-c9hv-jc77: Heap-based buffer overflow in the S_regatom function in regcomp2022-05-13
OSV
perl vulnerabilities2017-11-13
OSV
CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp2017-09-19

📋Vendor Advisories

4
Apple
CVE-2017-12837: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan2017-12-06
Ubuntu
Perl vulnerabilities2017-11-13
Red Hat
perl: Heap buffer overflow in regular expression compiler2017-09-12
Debian
CVE-2017-12837: perl - Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 befo...2017

💬Community

2
Bugzilla
CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler2017-09-15
Bugzilla
CVE-2017-12837 CVE-2017-12883 perl: various flaws [fedora-all]2017-09-15