diff options
author | Steve Hay <steve.m.hay@googlemail.com> | 2020-05-29 21:21:19 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2020-05-29 21:21:19 +0100 |
commit | d68385741a9b1789d926d655139d3976b7a13249 (patch) | |
tree | c052b723dd24b3441ace52f7af79eee14d872e40 | |
parent | 7b3f987657fcad311a2809e21cd786b53218007a (diff) | |
download | perl-d68385741a9b1789d926d655139d3976b7a13249.tar.gz |
perldelta - Acknowledge discoverers of security vulnerabilities
-rw-r--r-- | pod/perldelta.pod | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 58fd01de6c..0e30f9f44f 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -25,6 +25,8 @@ The target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64-bit systems. +Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). + =head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression Integer overflows in the calculation of offsets between instructions for the @@ -32,6 +34,8 @@ regular expression engine could cause corruption of the intermediate language state of a compiled regular expression. An attacker could abuse this behaviour to insert instructions into the compiled form of a Perl regular expression. +Discovered by: Hugo van der Sanden and Slaven Rezic. + =head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to @@ -39,6 +43,8 @@ optimize the intermediate language representation of a regular expression could cause corruption of the intermediate language state of a compiled regular expression. +Discovered by: Sergey Aleynikov. + =head2 Additional Note An application written in Perl would only be vulnerable to any of the above |