Perl: Buffer Overflow (GLSA 200711-28)

Key Vulnerability Information:
Release Date: November 19, 2007
Latest Revision: November 19, 2007: 01
Severity: Normal
Exploitable: Remote
Bugzilla Entries: 198196

Affected Packages:
Package: dev-lang/perl
Affected Versions: = 5.8.8-r4

Description:
Tavis Ormandy and Will Drewry (Google Security Team) discovered a heap-based buffer overflow in the Regular Expression engine (regcomp.c) that occurs when switching from byte to Unicode (UTF-8) characters in a regular expression.

Impact:
A remote attacker could entice a user to compile a specially crafted regular expression, or supply one directly to a script that accepts regular expressions as remote input, leading to the execution of arbitrary code with the privileges of the user running Perl.

Workaround:
There is no known workaround at this time.

Resolution:
All Perl users should upgrade to the latest version:

References:
CVE-2007-5116