Perl 5.10.x allows context-dependent attackers to cause a denial of service
(NULL pointer dereference and application crash) by leveraging an ability
to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4)
getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
sbeattie> toucan systems advisory has PoC
sarnold> ignoring this CVE: flaw requires extremely poorly written software
to exploit the problem (allow input to modify the number of arguments
to fundamental functions), crashes do not appear to be under argument
control. Upstream Perl team does not consider it a security-relevant
problem and thus have not prepared any patches.
Updated: 2016-01-26 17:38:34 UTC (commit 10507)