Bug 915514 - (CVE-2013-7422) VUL-0: CVE-2013-7422: perl: segmentation fault in S_regmatch on negative backreference
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Michael Schröder
https://smash.suse.de/issue/113238/
Reported: 2015-01-30 08:40 UTC by Johannes Segitz
Modified: 2019-05-14 06:32 UTC
Found By: Security Response Team
Description Johannes Segitz 2015-01-30 08:40:08 UTC
An integer underflow flaw was discovered in the way Perl parsed regular expression backreferences. An attacker able to supply a crafted regular expression to a Perl application could possibly use this flaw to crash that application.

Reproducer:

$ perl -e '/\7777777777/'
Segmentation fault

I couldn't reproduce this on SLE 11 SP3 or on openSUSE 13.2. But judging from the perl bug report we should be affected. Please have a look.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1187149
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7422
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7422.html
https://rt.perl.org/Public/Bug/Display.html?id=119505
http://perl5.git.perl.org/perl.git/commitdiff/0c2990d652e985784f095bba4bc356481a66aa06
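
Added example, not part of the original report and not Perl's own code: a minimal C sketch of how a backreference number parsed without a range check can come out negative, next to a parse that rejects the value before it is used as a group index. The function names, the 32-bit wraparound model and the "group must exist" rule are assumptions made for illustration; how Perl itself treats multi-digit escapes with no matching group is not modelled.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked model (assumed, not Perl's code): digits accumulate modulo
 * 2^32 and the result is then read as a signed 32-bit group number. */
int32_t backref_unchecked(const char *digits)
{
    uint32_t v = 0;
    for (; isdigit((unsigned char)*digits); digits++)
        v = v * 10u + (uint32_t)(*digits - '0');      /* wraps silently */
    return v > INT32_MAX ? (int32_t)((int64_t)v - 4294967296LL) : (int32_t)v;
}

/* Checked parse: returns 0 and stores the group number on success, -1 if
 * there are no digits, the value would overflow, or the group does not
 * exist (ngroups = number of capture groups in the pattern). */
int backref_checked(const char *digits, int32_t ngroups, int32_t *out)
{
    int32_t v = 0;
    if (!isdigit((unsigned char)*digits))
        return -1;
    for (; isdigit((unsigned char)*digits); digits++) {
        int d = *digits - '0';
        if (v > (INT32_MAX - d) / 10)
            return -1;               /* next step would overflow: reject */
        v = v * 10 + d;
    }
    if (v < 1 || v > ngroups)
        return -1;                   /* reference to a nonexistent group */
    *out = v;
    return 0;
}

int main(void)
{
    const char *crafted = "7777777777";   /* digits from the reproducer */
    int32_t n = 0;
    int rc = backref_checked(crafted, 3, &n);
    printf("unchecked value: %d\n", (int)backref_unchecked(crafted));
    printf("checked result:  %d\n", rc);
    rc = backref_checked("2", 3, &n);
    printf("valid \\2: rc=%d n=%d\n", rc, (int)n);
    return 0;
}
```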
Comment 1 Michael Schröder 2015-01-30 11:00:04 UTC
Isn't that a dup of 372331 (CVE-2007-5116)?
Comment 2 Johannes Segitz 2015-01-30 11:26:37 UTC
(In reply to Michael Schroeder from comment #1)
Seems like perl-regexp-refoverflow.diff is protecting us. Do you want to change to the upstream patch? Feel free to close this as invalid if perl-regexp-refoverflow.diff is enough to protect us (seems like it).
Comment 3 Michael Schröder 2015-01-30 12:01:36 UTC
I think we're fine for now. I'll switch to the official patch with the next maintenance update, though.