summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Hay <steve.m.hay@googlemail.com>2020-05-29 21:21:35 +0100
committerSteve Hay <steve.m.hay@googlemail.com>2020-05-29 21:21:35 +0100
commit172076aed192c9e81857e854a3fbd05031b4ab67 (patch)
tree3d8dd7819fd30976613cf2edb0465b64ccdcc72a
parentc9c8a9abd0770911496d235f2243ead5b4002f26 (diff)
downloadperl-172076aed192c9e81857e854a3fbd05031b4ab67.tar.gz
perldelta - Acknowledge discoverers of security vulnerabilities
Diffstat
-rw-r--r--pod/perldelta.pod6
1 files changed, 6 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 041df6a2cf..2f2db3605c 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -25,6 +25,8 @@ The target system needs a sufficient amount of memory to allocate partial
expansions of the nested quantifiers prior to the overflow occurring. This
requirement is unlikely to be met on 64-bit systems.
+Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup).
+
=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
Integer overflows in the calculation of offsets between instructions for the
@@ -32,6 +34,8 @@ regular expression engine could cause corruption of the intermediate language
state of a compiled regular expression. An attacker could abuse this behaviour
to insert instructions into the compiled form of a Perl regular expression.
+Discovered by: Hugo van der Sanden and Slaven Rezic.
+
=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression
Recursive calls to C<S_study_chunk()> by Perl's regular expression compiler to
@@ -39,6 +43,8 @@ optimize the intermediate language representation of a regular expression could
cause corruption of the intermediate language state of a compiled regular
expression.
+Discovered by: Sergey Aleynikov.
+
=head2 Additional Note
An application written in Perl would only be vulnerable to any of the above
View Lorry Controller Status