CVE-2013-7422
https://notcve.org/view.php?id=CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
• http://www.securityfocus.com/bid/75704
• http://www.ubuntu.com/usn/USN-2916-1
• https://security.gentoo.org/glsa/201507-11
• https://support.apple.com/kb/HT205031
• CWE-189: Numeric Errors
CVE-2014-4330 – Perl 5.20.1 Deep Recursion Stack Overflow
https://notcve.org/view.php?id=CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
A stack overflow was discovered when serializing data via the Data::Dumper extension, which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.
• http://advisories.mageia.org/MGASA-2014-0406.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html
• http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html
• http://seclists.org/fulldisclosure/2014/Sep/84
• http://seclists.org/oss-sec/2014/q3/692
• http://secunia.com/advisories/61441
• http://secunia.com/advisories/61961
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:136
• http://www.nntp.perl.org/group/perl.p
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer