Vulnerabilities > CVE-2017-12883 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
perl
CWE-119
critical
nessus

Summary

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

Vulnerable Configurations

Part Description Count
Application
Perl
398

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3982.NASL
    descriptionMultiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier. - CVE-2017-12883 Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak.
    last seen2020-06-01
    modified2020-06-02
    plugin id103392
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103392
    titleDebian DSA-3982-1 : perl - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-2008FDD7E2.NASL
    descriptionUpdate perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.24.3/pod/perldelta.pod>) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103886
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103886
    titleFedora 25 : 4:perl (2017-2008fdd7e2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3092-1.NASL
    descriptionThis update for perl fixes the following issues: Security issues fixed : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a
    last seen2020-06-01
    modified2020-06-02
    plugin id104783
    published2017-11-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104783
    titleSUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2017:3092-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7AE07E9F1F.NASL
    descriptionUpdate perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.26.1/pod/perldelta.pod>) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105911
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105911
    titleFedora 27 : 4:perl (2017-7ae07e9f1f)
  • NASL familyFirewalls
    NASL idPFSENSE_2_3_5.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-05-09
    modified2018-04-13
    plugin id109037
    published2018-04-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109037
    titlepfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0037_PERL.NASL
    descriptionAn update of the perl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121735
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121735
    titlePhoton OS 1.0: Perl PHSA-2017-0037
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D9E82328A12911E7987E4F174049B30A.NASL
    descriptionSO-AND-SO reports : CVE-2017-12814: $ENV{$key} stack-based buffer overflow on Windows A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression compiler Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed. CVE-2017-12883: Buffer over-read in regular expression parser For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id103442
    published2017-09-25
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103442
    titleFreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0037_RUBY.NASL
    descriptionAn update of the ruby package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121736
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121736
    titlePhoton OS 1.0: Ruby PHSA-2017-0037
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0037.NASL
    descriptionAn update of [perl,ruby] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111886
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111886
    titlePhoton OS 1.0: Perl / Ruby PHSA-2017-0037 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1304.NASL
    descriptionThis update for perl fixes the following issues : Security issues fixed : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a
    last seen2020-06-05
    modified2017-11-27
    plugin id104767
    published2017-11-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104767
    titleopenSUSE Security Update : perl (openSUSE-2017-1304)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3478-1.NASL
    descriptionJakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12837, CVE-2017-12883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104543
    published2017-11-14
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104543
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : perl vulnerabilities (USN-3478-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-89492F7161.NASL
    descriptionUpdate perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.24.3/pod/perldelta.pod>) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-03
    plugin id103613
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103613
    titleFedora 26 : 4:perl (2017-89492f7161)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0053-1.NASL
    descriptionThe Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws
    last seen2020-06-01
    modified2020-06-02
    plugin id106092
    published2018-01-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106092
    titleSUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)