https://bugzilla.redhat.com/show_bug.cgi?id=1329106
Bug ID: 1329106 Summary: CVE-2015-8853 perl: regexp matching hangs indefinitely on illegal UTF-8 input Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-t...@redhat.com Reporter: ane...@redhat.com CC: cw...@alumni.drew.edu, iarn...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, mmasl...@redhat.com, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, psab...@redhat.com, rc040...@freenet.de, rmegg...@redhat.com, tcall...@redhat.com A vulnerability was found in perl. The regex engine got into an infinite loop because of the malformation. It is trying to back-up over a sequence of UTF-8 continuation bytes. The character just before the sequence should be a start byte. If it's not, there is a malformation which results in "hang" of regexp matching and CPU exhaustion. -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org