CVE-2011-2728

Publication date 21 December 2012

Last updated 24 July 2024

Ubuntu priority

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
perl	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	11.10 oneiric	Ignored
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Notes

seth-arnold

glob flags would need to be under control of attacker in another program for this to be a security issue.

mdeslaur

we don't consider this to be a security issue. Ignoring.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
perl	Upstream: 1af4051

References

MITRE
NVD
Launchpad
Debian

Other references

https://bugzilla.redhat.com/show_bug.cgi?id=742987
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
http://secunia.com/advisories/46172
http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html
http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
https://www.cve.org/CVERecord?id=CVE-2011-2728