Perl Improper Input Validation Vulnerability (CVE-2015-8853)

Description

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

Remediation

References

CVE-2015-8853

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2011-1088)

Oracle Database Server CVE-2009-1979 Vulnerability (CVE-2009-1979)

WordPress Plugin Password Protected Open Redirect (1.4)

PHP Improper Input Validation Vulnerability (CVE-2008-7068)

WordPress Plugin ZWM Zeumic Work Management Multiple Unspecified Vulnerabilities (1.0.11)

Severity

High

Classification

CVE-2015-8853 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H