Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
avoid calling memset with a negative count
Poorly written perl code that allows an attacker to specify the count to perl's 'x' string repeat operator can already cause a memory exhaustion denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate that into a heap buffer overrun; coupled with versions of glibc before 2.16, it possibly allows the execution of arbitrary code. The flaw addressed to this commit has been assigned identifier CVE-2012-5195.
- Loading branch information