Regular Expression Denial of Service

Overview Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation Update to version 1.13.2, 1.14.1 or later. References - https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.jsL17 -...

Fedora 27 : 1:perl-Module-CoreList / 4:perl (2018-1c8b49fbc7)

This release provides Perl 5.24.4 that fixes a heap buffer overflow in the pack function and two overflows in the regular expression engine. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

Regular Expression Denial of Service

Overview Version of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service ReDoS via the email validation function. Recommendation Update to version 1.4.1, 2.17.2 or later. References - GitHub PR 159 - GitHub Commit b3051b2 - HackerOne Report - GitHub Advis...

Apache Struts REST Plugin OGNL Expression Handling RCE

Remote command execution vulnerability in Apache Struts REST Plugin OGNL expression handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Apache Struts Dynamic Method Invocation Expression Handling RCE

Remote command execution vulnerability in Apache Struts Dynamic Method Invocation expression handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Regular Expression Denial Of Service (ReDoS)

braces is vulnerable to Regular expression Denial of Service ReDoS. parser.js uses regular expression ^\,+?:\,+\,|,?:\,+\,+\ to detects empty braces, consuming 10 seconds matching time for data 50K characters long...

Heap overflow

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

DEBIAN-CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

ALPINE-CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

CVE-2018-6797

CVE-2018-6797 affects Perl 5.18–5.26. A crafted regular expression can trigger a heap-based buffer overflow, with control over written bytes. Public references in the provided documents confirm this vulnerability in Perl and note fixes/updates across distributions (e.g., Fedora perl-5.26.x/CF pat...

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial-of-service ReDoS attacks. The vulnerability exists as a vulnerable regex for parsing heading causes catastrophic backtracking is used in lib/marked.js, allowing a malicious input to consume resources to cause a ReDoS attack...

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

Cross site request forgery (csrf)

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

Debian DSA-4172-1 : perl - security update

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow...

Internet Bug Bounty: CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written

An attacker supplies a regular expression containing one or more \xDF characters after an escape putting the regexp into unicode matching mode, such as a \N escape. Each \xDF character adds one byte of overflow, and any other text in the regular expression is written in order, providing the...

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...