Perl Unicode规则表达式缓冲区溢出漏洞

Perl是一款功能强大的编程语言。 Perl的规则表达式引擎存在一个缺陷，远程攻击者可以利用漏洞以Perl进程权限执行任意指令。 在处理Unicode规则表达式时存在一个缓冲区溢出，攻击者构建特殊的输入到规则表达式，可导致Perl不正确分配内存，导致以运行Perl进程的用户进程权限执行任意指令。 RedHat Enterprise Linux Desktop v.5 client RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux v. 5 server RedHat...

Mandrake Linux Security Advisory : pcre (MDKSA-2007:212)

Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the us...

Perl Unicode正则表达式堆溢出漏洞

BUGTRAQ ID: 26350 CVECAN ID: CVE-2007-5116 Perl是一种免费且功能强大的编程语言。 Perl的正则表达式引擎在计算处理正则表达式所需空间的方式存在错误，本地攻击者可能利用此漏洞提升权限。 如果用户所发送到正则表达式中包含有Unicode数据的话，就会导致运行时自动切换到Unicode字符主题，之后再传送的表达式就可能触发堆溢出，导致在用户机器上执行任意指令。 Larry Wall Perl 5.8.8 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1400-1）以及相应补丁: DSA-1400-1：Ne...

Buffer overflow

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

CVE-2007-1662

Perl-Compatible Regular Expression PCRE library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service crash, possibly involving forward references...

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

CVE-2007-4766

Multiple integer overflows in Perl-Compatible Regular Expression PCRE library before 7.3 allow context-dependent attackers to cause a denial of service crash or execute arbitrary code via unspecified escape backslash sequences...

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

Code injection

Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes...

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

CVE-2007-1659

Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes...

DEBIAN-CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

CVE-2007-1661

CVE-2007-1661 affects the Perl-Compatible Regular Expression (PCRE) library prior to 7.3, where backtracking can occur when matching certain input bytes against some patterns in non‑UTF‑8 mode, potentially exposing sensitive information or causing a denial of service (crash). The description expl...

CVE-2007-4768

CVE-2007-4768 describes a heap-based buffer overflow in the PCRE library (before 7.3) that can be triggered by a singleton Unicode sequence in a character class in a regex pattern, enabling context-dependent attackers to execute arbitrary code. Connected advisories (e.g., RHSA-2007-1126, Ubuntu U...

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

CVE-2007-1662

The documents confirm CVE-2007-1662 affects the PCRE library and causes a denial-of-service (crash) by reading past the end of the string when unmatched brackets/parentheses are searched; vulnerable in PCRE prior to 7.3 as described. No specific exploit details or affected products/versions are p...

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

CVE-2007-1659

Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes...

RHEL 3 / 4 / 5 : perl (RHSA-2007:0966)

Updated Perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration...

RHEL 4 : pcre (RHSA-2007:0968)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2007:0968 advisory. PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an...