PublicDateAtUSN: 2012-01-13
Candidate: CVE-2011-2939
PublicDate: 2012-01-13 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939
 http://www.openwall.com/lists/oss-security/2011/08/19/17
 https://ubuntu.com/security/notices/USN-1643-1
Description:
 Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the
 Encode module before 2.44, as used in Perl before 5.15.6, might allow
 context-dependent attackers to cause a denial of service (memory
 corruption) via a crafted Unicode string, which triggers a heap-based
 buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: sarnold
CVSS:

Patches_perl:
 other: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
 vendor: https://rhn.redhat.com/errata/RHSA-2011-1424.html
upstream_perl: released (5.12.4-4)
hardy_perl: not-affected (5.8.8-12ubuntu0.5)
lucid_perl: released (5.10.1-8ubuntu2.2)
maverick_perl: ignored (reached end-of-life)
natty_perl: ignored (reached end-of-life)
oneiric_perl: not-affected (5.12.4-4)
precise_perl: not-affected (5.12.4-4)
quantal_perl: not-affected (5.12.4-4)
devel_perl: not-affected (5.12.4-4)