Other IDs this deficiency may be known by:
Version Specific Information:
|Cucumber 1.0 i686||fixed in perl-5.22.4-i686-3 |
|Cucumber 1.0 x86_64||fixed in perl-5.22.4-x86_64-3 |
|Cucumber 1.1 i686||fixed in perl-5.26.1-i686-1 |
|Cucumber 1.1 x86_64||fixed in perl-5.26.1-x86_64-1 |
Heap-based buffer overflow in the regular expression compiler in PERL before
5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a
denial of service (crash) via a crafted regular expression with the
case-insensitive modifier (https://nvd.nist.gov/vuln/detail/CVE-2017-12837).
Perl 5.22.4 is also vulnerable to this. Despite the fact that Perl 5.22 is
"still supported," the Perl developers apparently do not intend to release a new
Perl version fixing this. Fortunately, we can backport their patch from
to fix it.
It was originally claimed that this was fixed in perl-5.22.4-2; however, the
patch fixing it was not applied properly. It has now been applied properly in
perl-5.22.4-i686-3 (Cucumber 1.0) and perl-5.26.1-i686-1 (Cucumber 1.1).
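
As an added example (not part of the original advisory), the shell function below classifies a package name of the form perl-VERSION-ARCH-BUILD against the fixed builds listed above, so that build 2 of 5.22.4 is reported as still vulnerable. The function name perl_pkg_status and the sample names are constructed, and treating every build below the listed fixed build as unfixed is an assumption.

```shell
#!/bin/sh
# Classify a perl package name (perl-VERSION-ARCH-BUILD) against the fixed
# builds listed in this advisory.
# Prints one of: fixed | vulnerable | unknown | invalid
perl_pkg_status() {
    pkg=$1
    case $pkg in
        perl-*-*-*) ;;
        *) echo invalid; return 0 ;;
    esac

    build=${pkg##*-}        # last field: build number
    rest=${pkg%-*}          # perl-VERSION-ARCH
    arch=${rest##*-}        # i686 or x86_64
    rest=${rest%-*}         # perl-VERSION
    version=${rest#perl-}

    # The build must be a plain integer to be comparable.
    case $build in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac

    # Only the architectures named in the advisory are covered.
    case $arch in
        i686|x86_64) ;;
        *) echo unknown; return 0 ;;
    esac

    # Fixed builds taken from the advisory's version table.
    case $version in
        5.22.4) fixed_build=3 ;;  # build 2 was claimed fixed, patch not applied
        5.26.1) fixed_build=1 ;;
        *) echo unknown; return 0 ;;  # version not covered by this advisory
    esac

    if [ "$build" -ge "$fixed_build" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Constructed sample package names, for illustration only.
for p in perl-5.22.4-i686-2 perl-5.22.4-x86_64-3 perl-5.26.1-i686-1; do
    printf '%s: %s\n' "$p" "$(perl_pkg_status "$p")"
done
```

A result of unknown means the version or architecture is not in the table above, not that the package is safe.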