SB2017101071 - Buffer overflow in perl (Alpine package)
Published: October 10, 2017
Security Bulletin ID: SB2017101071
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2017-12883)
The vulnerability allows a remote non-authenticated attacker to disclose sensitive information or cause a denial of service.
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=912943c6a0b3e2801e81ecfc708bfa61d882caeb
- https://git.alpinelinux.org/aports/commit/?id=b016cc93af3bf95f617ec73a5e75228aed3235fc
- https://git.alpinelinux.org/aports/commit/?id=bbc6185fa840cf1ceda1ac42aeae5bef8eb65357
- https://git.alpinelinux.org/aports/commit/?id=cd0cf727fceef7bea9e79276c4511ec704e6143b
- https://git.alpinelinux.org/aports/commit/?id=219509798de8a60027c708a1f8884a6885e73471
- https://git.alpinelinux.org/aports/commit/?id=c088ac63d28d02d8ccd2a846809f5e00515fce81