CVE-2007-5116: Buffer Overflow

Published Oct 8, 2007
·
Updated

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Other sources

Tavis Ormandy and Will Drewry have discovered a flaw in the way perl calculates the space needed to process a regular expression. It is possible to cause the two passes to mismatch. To quote their mail:

The compile phase uses multiple passes (similar to older pcre releases), once to determine space requirements and another to actually compile the expression, however it's very simple to cause the two passes to mismatch. From the perl documentation:

> The regular expression compiler produces polymorphic opcodes.That is, > the pattern adapts to the data and automatically switches to the Unicode > character scheme when presented with Unicode data--or instead uses a > traditional byte scheme when presented with byte data.

This unfortunately means that you can cause the mode to switch at an arbitrary point, and then subsequent passes of any of the expression prior to this point switch will be passed differently, and thus potentially have their space requirements miscalculated.

Acknowledgements:

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing this issue.

Affected Software

51 affected components
Debian Debian Linux=3.1
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Debian Debian Linux=4.0
Mandrakesoft Mandrake Linux=2007
Mandrakesoft Mandrake Linux=2007
Mandrakesoft Mandrake Linux=2007.1
Mandrakesoft Mandrake Linux=2007.1
Mandrakesoft Mandrake Linux=2008.0
Mandrakesoft Mandrake Linux=2008.0
Mandrakesoft Mandrake Linux Corporate Server=3.0
Mandrakesoft Mandrake Linux Corporate Server=3.0
Mandrakesoft Mandrake Linux Corporate Server=4.0
Mandrakesoft Mandrake Linux Corporate Server=4.0
redhat Enterprise Linux=3.0
redhat Enterprise Linux=3.0
redhat Enterprise Linux=3.0
redhat Enterprise Linux=4.0
redhat Enterprise Linux=4.0
redhat Enterprise Linux=4.0
redhat Enterprise Linux=5.0
redhat Enterprise Linux=5.0
redhat Enterprise Linux Desktop=3.0
redhat Enterprise Linux Desktop=4.0
redhat Linux Advanced Workstation=2.1
redhat Linux Advanced Workstation=2.1
rPath rPath Linux=1
Larry Wall Perl=5.8.0
Larry Wall Perl=5.8.1
Larry Wall Perl=5.8.3
Larry Wall Perl=5.8.4
Larry Wall Perl=5.8.4.1
Larry Wall Perl=5.8.4.2
Larry Wall Perl=5.8.4.2.3
Larry Wall Perl=5.8.4.3
Larry Wall Perl=5.8.4.4
Larry Wall Perl=5.8.4.5
Larry Wall Perl=5.8.6
Mandrakesoft Mandrake Multi Network Firewall=2.0
Openpkg Openpkg=current
redhat Enterprise Linux=1.0

Remediation

Patch Available

http://www.mandriva.com/security/advisories?name=MDKSA-2007:207

Event History

Oct 8, 2007
Data Sourced
via Red Hat·07:03 PM
DescriptionSeverityAffected Software
Nov 7, 2007
CVE Published
via MITRE·08:00 PM
Data Sourced
via MITRE·08:00 PM
Description
Data Sourced
11:46 PM
DescriptionWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2007-5116?

CVE-2007-5116 is classified as a critical vulnerability due to its potential to allow arbitrary code execution through a buffer overflow.

2

How do I fix CVE-2007-5116?

To remediate CVE-2007-5116, upgrade to a patched version of Perl that addresses this issue.

3

Which versions of Perl are affected by CVE-2007-5116?

CVE-2007-5116 affects Perl versions 5.8.0 through 5.8.4.5.

4

Can CVE-2007-5116 be exploited remotely?

Yes, CVE-2007-5116 can be exploited by context-dependent attackers remotely through crafted regular expressions.

5

What impact does CVE-2007-5116 have on applications using Perl?

Applications using vulnerable versions of Perl may be subject to arbitrary code execution, leading to potential data breaches or system compromise.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203