CVE-2015-8853 (retired)

Priority
Description
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in
regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause
a denial of service (infinite loop) via crafted utf-8 data, as demonstrated
by "a\x80."
Package
Source: perl (LP Ubuntu Debian)
Upstream:released (5.22.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):released (5.14.2-6ubuntu2.7)
Ubuntu 14.04 LTS (Trusty Tahr):released (5.18.2-2ubuntu1.4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (5.22.1-9)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.22.1-9)
Patches:
Upstream:https://perl5.git.perl.org/perl.git/commit/22b433eff9a1ffa2454e18405a56650f07b385b5
Upstream:https://perl5.git.perl.org/perl.git/commit/d820a0ff34c7df39297a54193fd756bb42c5c06e
More Information

Updated: 2019-03-26 12:17:48 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)