perl -- multiple vulnerabilities

2017-09-19T00:00:00
ID D9E82328-A129-11E7-987E-4F174049B30A
Type freebsd
Reporter FreeBSD
Modified 2017-09-19T00:00:00

Description

SO-AND-SO reports:

CVE-2017-12814: $ENV{$key} stack buffer overflow on Windows A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression compiler Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed. CVE-2017-12883: Buffer over-read in regular expression parser For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed.