Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Perl and is prone to Denial of Service Vulnerability.

Impact

Attackers can exploit this issue to crash an affected application via specially crafted UTF-8 data leading to Denial of Service. Impact Level: Application

Solution

Apply the patch. http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 ***** NOTE: Ignore this warning if the above mentioned patch is already applied. *****

Insight

An error occurs in Perl while matching an utf-8 character with large or invalid codepoint with a particular regular expression.

Affected

Perl version 5.10.1 on Windows.

References

http://www.openwall.com/lists/oss-security/2009/10/23/8
http://xforce.iss.net/xforce/xfdb/53939
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3626
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firefox XUL Parsing Denial of Service Vulnerability (Win)
ddrLPD Remote Denial of Service Vulnerability
Denial of Service vulnerability in AVG Anti-Virus (Linux)
Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability
EtherApe RPC Packet Processing Denial of Service Vulnerability

Take action and discover your vulnerabilities