CVE-2017-12837

Impact: Low
Public Date: 2017-09-12
CWE: CWE-122
Bugzilla: 1492091: CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
A heap buffer overflow (out-of-bounds write) was found in perl's S_regatom() function, which is used when compiling regular expressions, resulting in a crash of the perl interpreter. An attacker able to supply a specially crafted regular expression could use this flaw to cause a denial of service.

Find out more about CVE-2017-12837 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect perl versions older than 5.18. Perl as shipped in Red Hat Enterprise Linux 7 and older is not affected by this vulnerability.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 5.9
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Affected Packages State

Platform | Package | State
Red Hat Software Collections for Red Hat Enterprise Linux | rh-perl524-perl | Will not fix
Red Hat Software Collections for Red Hat Enterprise Linux | rh-perl520-perl | Will not fix
Red Hat Enterprise Linux 7 | perl | Not affected
Red Hat Enterprise Linux 6 | perl | Not affected
Red Hat Enterprise Linux 5 | perl | Not affected

Acknowledgements

Red Hat would like to thank Sawyer X (Perl) for reporting this issue.