Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Perl and is prone to Denial of Service Vulnerability.

Impact

Attackers can exploit this issue to crash an affected application via specially crafted UTF-8 data leading to Denial of Service. Impact Level: Application

Solution

Apply the patch. http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 ***** NOTE: Ignore this warning if the above mentioned patch is already applied. *****

Insight

An error occurs in Perl while matching an utf-8 character with large or invalid codepoint with a particular regular expression.

Affected

Perl version 5.10.1 on Windows.

References

http://www.openwall.com/lists/oss-security/2009/10/23/8
http://xforce.iss.net/xforce/xfdb/53939
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3626

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

eZ/eZphotoshare Denial of Service
ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities
Cherokee POST request DoS

Take action and discover your vulnerabilities