FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-1667

This CVE name corresponds to:

Entered Topic
2013-03-10 perl -- denial of service via algorithmic complexity attack on hashing routines

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-1667
Phase Assigned(20130213)

Description

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

References

Source Reference
MLIST [perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
MISC https://bugzilla.redhat.com/show_bug.cgi?id=912276
CONFIRM http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
CONFIRM http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
CONFIRM http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
CONFIRM https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094
APPLE APPLE-SA-2013-10-22-3
DEBIAN DSA-2641
HP HPSBUX02928
HP SSRT101274
MANDRIVA MDVSA-2013:113
REDHAT RHSA-2013:0685
UBUNTU USN-1770-1
BID 58311
OSVDB 90892
OVAL oval:org.mitre.oval:def:18771
SECUNIA 52472
SECUNIA 52499
XF perl-rehash-dos(82598)