Description

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

Remediation

References

CVE-2015-8853

Related Vulnerabilities

MediaWiki Insufficiently Protected Credentials Vulnerability (CVE-2020-29005)

WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Scripting (1.3.4)

Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)

MySQL CVE-2024-21159 Vulnerability (CVE-2024-21159)

MySQL CVE-2015-4761 Vulnerability (CVE-2015-4761)

Severity

High

Classification

CVE-2015-8853 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities