Bugzilla – Bug 915514
VUL-0: CVE-2013-7422: perl: segmentation fault in S_regmatch on negative backreference
Last modified: 2019-05-14 06:32:32 UTC
An integer underflow flaw was discovered in the way Perl parsed regular expression backreferences. An attacker able to supply a crafted regular expression to a Perl application could possibly use this flaw to crash that application.
$ perl -e '/\7777777777/'
I couldn't reproduce this on SLE 11 SP3 or on openSUSE 13.2. But judging from the perl bug report we should be affected. Please have a look.
Isn't that a dup of 372331 (CVE-2007-5116)?
(In reply to Michael Schroeder from comment #1)
Seems like perl-regexp-refoverflow.diff is protecting us. Do you want to change to the upstream patch? Feel free to close this as invalid if perl-regexp-refoverflow.diff is enough to protect us (seems like it).
I think we're fine for now. I'll switch to the official patch with the next maintenance update, though.
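To illustrate the flaw class in the description above (a backreference number that ends up negative), here is an added example; it is not Perl's source, the upstream patch, or perl-regexp-refoverflow.diff. It assumes the digits are accumulated into a 32-bit int that wraps, and the function names are hypothetical. The checked variant simply rejects out-of-range numbers, which is a simplification of how a regex compiler would handle them.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical unchecked parser: accumulates decimal digits with 32-bit
 * wraparound (in unsigned arithmetic, so the wrap is well defined), then
 * maps the result to the signed value a two's-complement int would hold. */
static int backref_unchecked(const char *s)
{
    unsigned int u = 0;
    for (; *s >= '0' && *s <= '9'; s++)
        u = u * 10u + (unsigned int)(*s - '0');
    return (u > (unsigned int)INT_MAX) ? -(int)(UINT_MAX - u) - 1 : (int)u;
}

/* Hardened parser: returns 0 and stores the group number in *out only if
 * the digits form a value in 1..ngroups; returns -1 otherwise. The bound is
 * tested before each multiply, so the accumulator can never wrap. */
static int backref_checked(const char *s, int ngroups, int *out)
{
    int n = 0;
    if (s == NULL || out == NULL || *s < '0' || *s > '9')
        return -1;
    for (; *s >= '0' && *s <= '9'; s++) {
        int d = *s - '0';
        if (n > (INT_MAX - d) / 10)
            return -1;              /* would overflow int */
        n = n * 10 + d;
        if (n > ngroups)
            return -1;              /* no such capture group */
    }
    if (n < 1)
        return -1;                  /* group 0 is not a backreference */
    *out = n;
    return 0;
}

int main(void)
{
    const char *digits = "7777777777";   /* digits from the reproducer */
    int group = 0;
    printf("unchecked: %d\n", backref_unchecked(digits));
    printf("checked:   %d\n", backref_checked(digits, 3, &group));
    return 0;
}
```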