Vigil@nce - Perl: overflow of one byte of Encode
August 2011 by Marc Jacob
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can supply data larger than 8Mb to trigger a one-byte
overflow in the Perl Encode module, which may lead to a denial of
service or to code execution.
Severity: 1/4
Creation date: 22/08/2011
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Perl Encode module handles the encoding and decoding of data.
The Perl language can be extended via the XS interface, which is
used to develop features in C.
The cpan/Encode/Unicode/Unicode.xs file implements in C the
encoding and decoding of UTF-8 Unicode for Perl. The decode_xs()
function of the Unicode.xs file optimizes the memory size when the
data size is greater than 8Mb (and when the data contains numerous
one-byte UTF-8 characters). However, the computation of the
optimized size is invalid. The allocated size is thus one byte too
short.
An attacker can therefore supply data larger than 8Mb to trigger a
one-byte overflow in the Perl Encode module, which may lead to a
denial of service or to code execution.
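The size error described above, as an added C model (not the Unicode.xs code and not part of the bulletin): a decoder that switches to a tight size estimate above a threshold, with every store bounds-checked so the shortfall is counted rather than written. The function names, the sample input and the assumption that the missing byte is the string terminator are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the flaw; not the code from Unicode.xs. */
#define RESIZE_THRESHOLD (8u * 1024u * 1024u) /* the 8Mb limit from the bulletin */
const uint16_t SAMPLE[6] = {'P', 'e', 'r', 'l', 0x00E9, 0x20AC}; /* constructed input */

/* UTF-8 bytes needed for one 16-bit unit (surrogate pairs left out of the model). */
static size_t utf8_len(uint16_t cu) { return cu < 0x80 ? 1 : cu < 0x800 ? 2 : 3; }

/* Output capacity: worst case for small inputs, tight estimate above the threshold.
   add_nul = 0 models the flawed size (assumed to omit the terminator), 1 the fix. */
size_t output_capacity(const uint16_t *src, size_t n, size_t threshold, int add_nul) {
    size_t need = 0;
    if (n * sizeof *src <= threshold) return n * 3 + 1;
    for (size_t i = 0; i < n; i++) need += utf8_len(src[i]);
    return need + (add_nul ? 1 : 0);
}

/* Bounds-checked store: counts bytes that do not fit instead of writing them. */
static void put(unsigned char *out, size_t cap, size_t *pos, size_t *lost, unsigned char b) {
    if (*pos < cap) out[(*pos)++] = b; else (*lost)++;
}

/* Decode into a buffer of output_capacity() bytes and return how many bytes
   would have landed past its end (0 means the allocation was sufficient). */
size_t bytes_past_end(const uint16_t *src, size_t n, size_t threshold, int add_nul) {
    static const unsigned char lead[4] = {0, 0x00, 0xC0, 0xE0}; /* lead-byte prefix by length */
    size_t cap = output_capacity(src, n, threshold, add_nul), pos = 0, lost = 0;
    unsigned char *out = malloc(cap ? cap : 1);
    if (!out) return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        uint16_t cu = src[i]; size_t len = utf8_len(cu);
        put(out, cap, &pos, &lost, (unsigned char)(lead[len] | (cu >> (6 * (len - 1)))));
        for (size_t k = len - 1; k-- > 0;) /* continuation bytes, high bits first */
            put(out, cap, &pos, &lost, (unsigned char)(0x80 | ((cu >> (6 * k)) & 0x3F)));
    }
    put(out, cap, &pos, &lost, 0); /* terminator expected after the payload */
    free(out);
    return lost;
}

int main(void) { /* threshold of 4 bytes so the small sample takes the tight path */
    printf("flawed: %zu byte(s) past end, fixed: %zu\n",
           bytes_past_end(SAMPLE, 6, 4, 0), bytes_past_end(SAMPLE, 6, 4, 1));
    return 0;
}
```

The worst-case path stays safe, which is why only inputs above the threshold reach the short allocation.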
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-overflow-of-one-byte-of-Encode-10937