CVE-2011-2939

Description

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

How to fix CVE-2011-2939

To remediate CVE-2011-2939, upgrade the affected package to a fixed version below.

• Debian/libencode-perl—upgrade to 2.44-1 or later
• Debian/perl—upgrade to 5.12.4-4 or later

Is CVE-2011-2939 being exploited?

Moderate — EPSS is 6.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 2.44-1
• from 0, < 5.12.4-4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-2939