diff options
author | Steve Hay <steve.m.hay@googlemail.com> | 2020-05-29 21:21:35 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2020-05-29 21:21:35 +0100 |
commit | 172076aed192c9e81857e854a3fbd05031b4ab67 (patch) | |
tree | 3d8dd7819fd30976613cf2edb0465b64ccdcc72a | |
parent | c9c8a9abd0770911496d235f2243ead5b4002f26 (diff) | |
download | perl-172076aed192c9e81857e854a3fbd05031b4ab67.tar.gz |
perldelta - Acknowledge discoverers of security vulnerabilities
-rw-r--r-- | pod/perldelta.pod | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 041df6a2cf..2f2db3605c 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -25,6 +25,8 @@ The target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64-bit systems. +Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup). + =head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression Integer overflows in the calculation of offsets between instructions for the @@ -32,6 +34,8 @@ regular expression engine could cause corruption of the intermediate language state of a compiled regular expression. An attacker could abuse this behaviour to insert instructions into the compiled form of a Perl regular expression. +Discovered by: Hugo van der Sanden and Slaven Rezic. + =head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to @@ -39,6 +43,8 @@ optimize the intermediate language representation of a regular expression could cause corruption of the intermediate language state of a compiled regular expression. +Discovered by: Sergey Aleynikov. + =head2 Additional Note An application written in Perl would only be vulnerable to any of the above |