Description
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields:Table Field Cross-Site Scripting (1.1.12)
WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.1)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29209)
WordPress Plugin WP Real Estate Unspecified Vulnerability (2.0)