Vulnerabilities > CVE-2017-12883 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3982.NASL description Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier. - CVE-2017-12883 Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak. last seen 2020-06-01 modified 2020-06-02 plugin id 103392 published 2017-09-22 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103392 title Debian DSA-3982-1 : perl - security update NASL family Fedora Local Security Checks NASL id FEDORA_2017-2008FDD7E2.NASL description Update perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.24.3/pod/perldelta.pod>) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-18 plugin id 103886 published 2017-10-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103886 title Fedora 25 : 4:perl (2017-2008fdd7e2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-3092-1.NASL description This update for perl fixes the following issues: Security issues fixed : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a last seen 2020-06-01 modified 2020-06-02 plugin id 104783 published 2017-11-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104783 title SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2017:3092-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-7AE07E9F1F.NASL description Update perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.26.1/pod/perldelta.pod>) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 105911 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105911 title Fedora 27 : 4:perl (2017-7ae07e9f1f) NASL family Firewalls NASL id PFSENSE_2_3_5.NASL description According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories. last seen 2020-05-09 modified 2018-04-13 plugin id 109037 published 2018-04-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109037 title pfSense < 2.3.5 Multiple Vulnerabilities (KRACK) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0037_PERL.NASL description An update of the perl package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121735 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121735 title Photon OS 1.0: Perl PHSA-2017-0037 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D9E82328A12911E7987E4F174049B30A.NASL description SO-AND-SO reports : CVE-2017-12814: $ENV{$key} stack-based buffer overflow on Windows A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression compiler Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed. CVE-2017-12883: Buffer over-read in regular expression parser For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 103442 published 2017-09-25 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103442 title FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0037_RUBY.NASL description An update of the ruby package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121736 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121736 title Photon OS 1.0: Ruby PHSA-2017-0037 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0037.NASL description An update of [perl,ruby] packages for PhotonOS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 111886 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111886 title Photon OS 1.0: Perl / Ruby PHSA-2017-0037 (deprecated) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1304.NASL description This update for perl fixes the following issues : Security issues fixed : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a last seen 2020-06-05 modified 2017-11-27 plugin id 104767 published 2017-11-27 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104767 title openSUSE Security Update : perl (openSUSE-2017-1304) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3478-1.NASL description Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12837, CVE-2017-12883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104543 published 2017-11-14 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104543 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : perl vulnerabilities (USN-3478-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-89492F7161.NASL description Update perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.24.3/pod/perldelta.pod>) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-10-03 plugin id 103613 published 2017-10-03 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103613 title Fedora 26 : 4:perl (2017-89492f7161) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0053-1.NASL description The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws last seen 2020-06-01 modified 2020-06-02 plugin id 106092 published 2018-01-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106092 title SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)
References
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1
- https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
- https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1
- https://bugzilla.redhat.com/show_bug.cgi?id=1492093
- http://www.securityfocus.com/bid/100852
- http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch
- https://rt.perl.org/Public/Bug/Display.html?id=131598
- http://www.debian.org/security/2017/dsa-3982
- https://security.netapp.com/advisory/ntap-20180426-0001/
- https://www.oracle.com/security-alerts/cpujul2020.html