CVE-2008-1927

Publication date 24 April 2008

Last updated 24 July 2024

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
perl	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 5.8.8-12ubuntu0.3
	7.10 gutsy	Fixed 5.8.8-7ubuntu3.4
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 5.8.7-10ubuntu1.2

Notes

jdstrand

perl (at least 5.8 and 5.10) segfault on x86_64 verified all releases -- i386 not affected, x86_64 is affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
perl	Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792

CVE-2008-1927

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references