Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in perl-5.22.4-i686-2 |
|Cucumber 1.0 x86_64||fixed in perl-5.22.4-x86_64-2 |
|Cucumber 1.1 i686||fixed in perl-5.22.4-i686-2 |
|Cucumber 1.1 x86_64||fixed in perl-5.22.4-x86_64-2 |
Buffer overflow in the regular expression parser in Perl before 5.24.3-RC1 and
5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service
(crash) or leak data from memory via vectors involving use of RExC_parse in the
vFAIL macro (https://nvd.nist.gov/vuln/detail/CVE-2017-12883).
Perl 5.22.4 is also vulnerable to this. Despite the fact that Perl 5.22 is
"still supported," the Perl developers apparently do not intend to release a new
Perl version fixing this. Fortunately, we can backport their patch from
to fix it.
Note we had to change this patch slightly to get it to work with Perl 5.22.
We did this by taking their official patch URL
and changing the first commit to be the Perl 5.22.4 commit
which resulted in a URL of
We then cherry-picked this one change from that diff.
The actual patch that we used to patch Perl 5.22 can be found at: