| Summary: | <dev-lang/perl-5.16.3 : Input Rehashing Denial of Service Vulnerability (CVE-2013-1667) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | perl |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/52472/ | ||
| Whiteboard: | A3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 461898 | ||
| Bug Blocks: | |||
The issue is fixed in perl-5.12.5 and >=perl-5.16.2-r1. I'd like to move to perl-5.16.3. But it needs a newer vim version stabilized (see dependency tree). Your call. CVE-2013-1667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1667): The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. glsa request filed This issue was resolved and addressed in GLSA 201401-11 at http://security.gentoo.org/glsa/glsa-201401-11.xml by GLSA coordinator Chris Reffett (creffett). |
From ${URL} : Description A vulnerability has been reported in Perl, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when rehashing user input, which can be exploited to consume large amounts of memory. Successful exploitation requires that the application uses user input as hash keys. The vulnerability is reported in versions 5.8.2 through 5.16.x. Solution Fixed in the GIT repository. Provided and/or discovered by Reported by the vendor. Original Advisory http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html