{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-01T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "GLSA-201701-75", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-75"}, {"name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7"}, {"name": "USN-3625-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3625-2/"}, {"name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "86707", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/86707"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5"}, {"name": "USN-3625-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3625-1/"}, {"name": "FEDORA-2016-5a9313e4b4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2015-8853", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75"}, {"name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7"}, {"name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/"}, {"name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5"}, {"name": "https://rt.perl.org/Public/Bug/Display.html?id=123562", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "86707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/86707"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"}, {"name": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5"}, {"name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/"}, {"name": "FEDORA-2016-5a9313e4b4", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:22.074Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201701-75", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-75"}, {"name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7"}, {"name": "USN-3625-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3625-2/"}, {"name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "86707", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/86707"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5"}, {"name": "USN-3625-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3625-1/"}, {"name": "FEDORA-2016-5a9313e4b4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8853", "datePublished": "2016-05-25T15:00:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T08:29:22.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "546DB67C-2B49-4C49-B394-C6B2BD417EB0", "versionEndIncluding": "5.23.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\""}, {"lang": "es", "value": "Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de datos utf-8 manipulados, seg\u00fan lo demostrado por \"a\\x80\"."}], "id": "CVE-2015-8853", "lastModified": "2018-05-02T01:29:00.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-25T15:59:01.473", "references": [{"source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7"}, {"source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/86707"}, {"source": "security@debian.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106"}, {"source": "security@debian.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"}, {"source": "security@debian.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562"}, {"source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201701-75"}, {"source": "security@debian.org", "url": "https://usn.ubuntu.com/3625-1/"}, {"source": "security@debian.org", "url": "https://usn.ubuntu.com/3625-2/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "perl: regexp matching hangs indefinitely on illegal UTF-8 input", "id": "1329106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106"}, "csaw": false, "cvss": {"cvss_base_score": "5.4", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "status": "draft"}, "cwe": "CWE-400", "details": ["The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\""], "name": "CVE-2015-8853", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Directory Server 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "perl516-perl", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-perl520-perl", "product_name": "Red Hat Software Collections"}], "public_date": "2015-01-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8853\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8853\nhttps://rt.perl.org/Public/Bug/Display.html?id=123562"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "perl 5.22.1"}