关键信息 漏洞编号:CVE-2010-1158 类型:Stack overflow by processing a certain regular expression 报告时间:2010-04-08 状态:CLOSED WONTFIX 产品:Security Response 组件:vulnerability 优先级:low 严重性:low 操作系统:Linux 影响:Remote attacker could use this flaw to cause a denial of service (crash of an application, using the Perl regular expression engine) 附带信息 公共PoC: 修复版本: - Addressed in Perl 5.10 - Engine de recursivised 评论 评论2: - This problem was addressed in perl 5.10, as noted in perl5100delta man page. - The regular expression engine is no longer recursive. - Risk assessment concluded there's no plan to backport this fix to older Perl versions. 评论3: - Commit de-recursivising regex engine: http://perl5.git.perl.org/perl.git/commitdiff/95b2444054