Launchpad CVE tracker

CVE 2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2011-2939 (Candidate) is related to these bugs:

Bug #1069034: [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator

		In	Importance	Status
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Hardy)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Lucid)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Natty)	Medium	Won't Fix
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Oneiric)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Precise)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Quantal)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Raring)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2939

References