perl security vulnerabilities

It's possible to inject eval expression into digest module constructor. Off-by-one overflow in decodexs...

Heap overflow

Off-by-one error in the decodexs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service memory corruption via a crafted Unicode string, which triggers a heap-based buffer overflow...

Perl decode_xs heap-based buffer overflow

Off-by-one error in the decodexs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service memory corruption via a crafted Unicode string, which triggers a heap-based buffer overflow...

Perl "decode_xs()"和"File::Glob::bsd_glob()"远程代码执行漏洞

BUGTRAQ ID: 49858 CVE ID: CVE-2011-2728,CVE-2011-2939 Perl是一种高级、通用、直译式、动态的程序语言。 Perl的"decodexs"和"File::Glob::bsdglob"函数在实现上存在远程代码执行漏洞，远程攻击者可利用此漏洞执行任意代码。 1）在处理GLOBALTDIRFUNC旗标时，"File::Glob::bsdglob"函数中存在的错误可被利用造成非法访问和执行任意代码。 2）Encode中的"decodexs"函数中的错误可通过特制输入造成堆缓冲区溢出。 Perl 5.14.1 厂商补丁： Perl ----...