-
Notifications
You must be signed in to change notification settings - Fork 542
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heap-buffer-over-flow in Storable.xs:retrieve_hook that could lead to RCE #16132
Comments
From imdb95@gmail.comGreetings, I found another RCE bug in Storable (that differs from #131990), which **********Build Date & Hardware********** This is perl 5, version 27, subversion 4 (v5.27.4 (v5.27.3-14-gd2dccc0)) Copyright 1987-2017, Larry Wall Perl may be copied only under the terms of either the Artistic License or Complete documentation for Perl, including FAQ lists, should be found on OS: Ubuntu 16.04 Desktop Compilation: **********Reproduce**********
|
From imdb95@gmail.comHello, On Thu, Aug 31, 2017 at 2:17 AM, Manh Nguyen <imdb95@gmail.com> wrote:
|
From @tonycozOn Tue, Oct 10, 2017 at 08:48:39PM -0700, Nguyen Duc Manh wrote:
Sorry for not replying earlier, I've been busy with another project We don't support feeding arbitrary or untrusted storable dumps to Feeding untrusted data to Storable can lead to much simpler and worse Tony |
The RT System itself - Status changed from 'new' to 'open' |
From imdb95@gmail.comI see. For example, faking class name would lead to executing DESTROY On Wed, Oct 11, 2017 at 11:27 AM, Tony Cook via RT <
|
From @iabynOn Wed, Oct 11, 2017 at 11:33:08AM +0700, Manh Nguyen wrote:
I intend to close this ticket. Here is pod from Storable.pm: =head1 SECURITY WARNING B<Do not accept Storable documents from untrusted sources!> Some features of Storable can lead to security vulnerabilities if you In a future version of Storable, we intend to provide options to disable B<Therefore, let me repeat: Do not accept Storable documents from If your application requires accepting data from untrusted sources, you -- |
The RT System itself - Status changed from 'new' to 'open' |
From @tonycozOn Tue, 10 Oct 2017 21:27:59 -0700, tonyc wrote:
This isn't a security issue, but it is a bug. I've moved it to the public queue. I have a fix for it in my working Storable branch. Tony |
From @tonycozOn Wed, 13 Dec 2017 14:47:23 -0800, tonyc wrote:
This was merged into blead as 0079d24 and included in perl 5.28. Thanks for the report. Closing. Tony |
@tonycoz - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#131999 (status was 'resolved')
Searchable as RT131999$
The text was updated successfully, but these errors were encountered: