Heap-based buffer overflow vulnerability in Perl's Encode module before 2.44 allows for denial of service via crafted Unicode string

CVE-2011-2939 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.