Perl: Denial of Service — GLSA 201507-11

A vulnerability in Perl allows a remote attacker to cause Denial of Service.

Affected Packages

dev-lang/perl on all architectures
Affected versions < 5.20.1-r4
Unaffected versions >= 5.20.1-r4

Background

Perl is a highly capable, feature-rich programming language.

Description

S_regmatch() function lacks proper checks before passing arguments to atoi()

Impact

A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Perl users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.20.1-r4"
 

References

Release Date
July 10, 2015

Latest Revision
July 10, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries