Vigil@nce - Perl: denial of service via a regular expression
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When an attacker can change a regular expression, he can generate
a denial of service.
Severity: 1/4
Creation date: 14/04/2010
DESCRIPTION OF THE VULNERABILITY
A Perl regular expression is used to search a pattern in a text
string. In most cases, the user cannot modify regular expressions
used by a program.
The Perl regular expression engine does not correctly manage
regular expressions searching a pattern in a long string. An error
occurs and stops Perl.
When an attacker can change a regular expression, he can therefore
generate a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-denial-of-service-via-a-regular-expression-9590