CVE-2017-12883 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

9.1CRITICALNVD

OSV7.5

EPSS

4.7%

top 10.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl

Timeline

PublishedSep 19

Latest updateMay 13

Description

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶debiandebian/perl< perl 5.26.0-8 (bookworm)

▶Debianperl/perl< 5.26.0-8+3

▶Ubuntuperl/perl< 5.18.2-2ubuntu1.3+1

▶NVDperl/perl5.24.2+1

Patches

Patch: mirror.cucumberlinux.com ↗Patch: bugzilla.redhat.com ↗Patch: perl5.git.perl.org ↗

🔴Vulnerability Details

GHSA

GHSA-h435-qr7v-xh34: Buffer overflow in the S_grok_bslash_N function in regcomp↗2022-05-13

▶

OSV

perl vulnerabilities↗2017-11-13

▶

OSV

CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp↗2017-09-19

▶

📋Vendor Advisories

Ubuntu

Perl vulnerability↗2017-11-13

▶

Ubuntu

Perl vulnerabilities↗2017-11-13

▶

Red Hat

perl: Buffer over-read in regular expression parser↗2017-09-12

▶

Debian

CVE-2017-12883: perl - Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5....↗2017

▶

💬Community

Bugzilla

CVE-2017-12883 perl: Buffer over-read in regular expression parser↗2017-09-15

▶

Bugzilla

CVE-2017-12837 CVE-2017-12883 perl: various flaws [fedora-all]↗2017-09-15

▶