Vigil@nce - Perl: integer overflow of Regex Backref
February 2015 by Marc Jacob
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an integer overflow in via a back
reference in a Perl regular expression, in order to trigger a
denial of service, and possibly to execute code.
Impacted products: Perl Core
Severity: 2/4
Creation date: 26/01/2015
DESCRIPTION OF THE VULNERABILITY
The Perl language supports regular expressions, with search of
patterns already found (backref). The syntax is
"\numberOfTheSearchedGroup".
However, if the group number is too large, the atoi() function
returns a negative integer, and an invalid memory area is accessed.
An attacker can therefore generate an integer overflow in via a
back reference in a Perl regular expression, in order to trigger a
denial of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-integer-overflow-of-Regex-Backref-16051