915514 – (CVE-2013-7422) VUL-0: CVE-2013-7422: perl: segmentation fault in S_regmatch on negative backreference

Bug 915514 (CVE-2013-7422) - VUL-0: CVE-2013-7422: perl: segmentation fault in S_regmatch on negative backreference

Summary: VUL-0: CVE-2013-7422: perl: segmentation fault in S_regmatch on negative back...

Status:	RESOLVED INVALID

Alias:	CVE-2013-7422

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Michael Schröder
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/113238/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-01-30 08:40 UTC by Johannes Segitz
Modified:	2019-05-14 06:32 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2015-01-30 08:40:08 UTC

An integer underflow flaw was discovered in the way Perl parsed regular expression backreferences. An attacker able to supply a crafted regular expression to a Perl application could possibly use this flaw to crash that application.

Reproducer:

$ perl -e '/\7777777777/'
Segmentation fault

I couldn't reproduce this on SLE 11 SP3 or on openSUSE 13.2. But judging from the perl bug report we should be affected. Please have a look.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1187149
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7422
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7422.html
https://rt.perl.org/Public/Bug/Display.html?id=119505
http://perl5.git.perl.org/perl.git/commitdiff/0c2990d652e985784f095bba4bc356481a66aa06

Comment 1 Michael Schröder 2015-01-30 11:00:04 UTC

Isn't that a dup of 372331 (CVE-2007-5116)?

Comment 2 Johannes Segitz 2015-01-30 11:26:37 UTC

(In reply to Michael Schroeder from comment #1)
Seems like perl-regexp-refoverflow.diff is protecting us. Do you want to change to the upstream patch? Feel free to close this as invalid if perl-regexp-refoverflow.diff is enough to protect us (seems like it).

Comment 3 Michael Schröder 2015-01-30 12:01:36 UTC

I think we're fine for now. I'll switch to the official patch with the next maintenance update, though.