---

CVE-2017-12883 - log back

CVE-2017-12883 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Information disclosure
Description	+ A heap buffer overread was found in perl's grok_bslash_N() function, which is used in the compilation of Unicode nodes in regular expressions, possibly leading to crash or dump of memory segments via the error output. An attacker, able to provide a specially crafted regular expression, could look for sensible information in the error message, or crash perl.
References	+ https://rt.perl.org/Public/Bug/Display.html?id=131598 + https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1
Notes