Vigil@nce - Perl: infinite loop of UTF-8 Continuation
June 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can send malformed UTF-8 data to a Perl application
to cause an infinite loop and trigger a denial of service.
Impacted products: Fedora, Perl Core.
Severity: 2/4.
Creation date: 20/04/2016.
DESCRIPTION OF THE VULNERABILITY
Perl can match a regular expression against UTF-8 data.
However, if the byte 0x80 (a UTF-8 continuation byte) is located at
the end of the UTF-8 string, an infinite loop occurs in the
regexec.c file.
An attacker can therefore send malformed UTF-8 data to a Perl
application to cause an infinite loop and trigger a denial of
service.
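An input-side check, added here as an example and not taken from the bulletin or from Perl's own code: strictly decode untrusted octets at the application boundary so that malformed sequences, such as a stray 0x80 at the end, are rejected before any regular expression sees them. It assumes input arrives as raw octets; the function names and sample strings are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode FB_CROAK LEAVE_SRC);

# Strictly decode untrusted octets; returns the character string, or undef
# when the octets are not well-formed UTF-8 (decode() dies under FB_CROAK).
sub decode_untrusted_utf8 {
    my ($octets) = @_;
    my $text = eval { decode('UTF-8', $octets, FB_CROAK | LEAVE_SRC) };
    return $text;
}

# Byte-level look at the end of the input only, without using a regex:
# true when the trailing run of continuation bytes (10xxxxxx) does not
# complete a multi-byte sequence. Full validation is the strict decode above.
sub tail_is_malformed {
    my ($octets) = @_;
    my $len = length $octets;
    my $n   = 0;    # number of trailing continuation bytes
    while ($n < $len
        && (ord(substr($octets, $len - 1 - $n, 1)) & 0xC0) == 0x80) {
        $n++;
    }
    return 0 if $n == 0;                 # last byte is not a continuation
    return 1 if $n == $len || $n > 3;    # no lead byte, or run too long
    my $lead = ord(substr($octets, $len - 1 - $n, 1));
    my $need = $lead >= 0xF0 ? 3 : $lead >= 0xE0 ? 2 : $lead >= 0xC0 ? 1 : 0;
    return $need == $n ? 0 : 1;
}

# Constructed sample inputs (raw octets), not taken from the bulletin.
my @samples = (
    [ 'plain ASCII',               "abc"         ],
    [ 'complete 2-byte sequence',  "caf\xC3\xA9" ],
    [ 'stray 0x80 at the end',     "abc\x80"     ],
    [ 'truncated 3-byte sequence', "abc\xE2\x82" ],
);
for my $s (@samples) {
    my ($label, $octets) = @$s;
    my $text = decode_untrusted_utf8($octets);
    printf "%-26s decode=%-8s tail=%s\n", $label,
        defined $text ? 'ok' : 'rejected',
        tail_is_malformed($octets) ? 'malformed' : 'ok';
    # Only a successfully decoded $text should be handed to regex code.
}
```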
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Perl-infinite-loop-of-UTF-8-Continuation-19420