Fuzzing Perl Follow-up #1

During my 48 hours of fuzzing Perl for this blog post, I discovered multiple flaws which could have had security implications (buffer overflows, use-after-free, etc.). Some of them ended up having zero security implications, while others are still hidden from public view (pending fixes, possible CVE assignments, etc.). Here are a few of the bugs that have been fixed and scheduled for release:

  1. heap-buffer-overflow in Perl_sv_vcatpvfn_flags
  2. stack-buffer-overflow in S_missingterm
  3. SIGBUS Perl_sv_peek
Geeknik Labs
