Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:H/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Perl |
|
Dan Kogai |
|
Configuration 1 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-01-13T18:00:00
Updated: 2012-02-17T10:00:00
Reserved: 2011-07-27T00:00:00
Link: CVE-2011-2939
JSON object: View
NVD Information
Status : Modified
Published: 2012-01-13T18:55:02.987
Modified: 2023-02-13T04:32:37.033
Link: CVE-2011-2939
JSON object: View
Redhat Information
No data.
CWE