Numeric Errors
CVE-2011-2939
Summary
Off-by-one error in the "decode_xs" function in Unicode/Unicode.xs in the Encode distribution before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a Denial of Service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
- HIGH
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- PARTIAL
CWE-189 - Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
References
Advisory Timeline
- Published