CVE-2017-12883

Published: Sep 19, 2017Modified: May 13, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

Affected (2)

Products: Perl: Perl

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Perl Perl	Up to 5.24.2
Perl Perl	Version 5.26.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch

Source: cve@mitre.org

PatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3982

Source: cve@mitre.org

http://www.securityfocus.com/bid/100852

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1492093

Source: cve@mitre.org

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1

Source: cve@mitre.org

PatchVendor Advisory

https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1

Source: cve@mitre.org

Release NotesVendor Advisory

https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1

Source: cve@mitre.org

Release NotesVendor Advisory

https://rt.perl.org/Public/Bug/Display.html?id=131598

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20180426-0001/

Source: cve@mitre.org

https://www.oracle.com/security-alerts/cpujul2020.html

Source: cve@mitre.org

http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3982

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/100852

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1492093

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://rt.perl.org/Public/Bug/Display.html?id=131598

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20180426-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.