CVE-2011-2728

Name of the Vulnerable Software and Affected Versions Perl versions prior to 5.14.2

Description The issue is related to the bsd glob function in the File::Glob module for Perl, which allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB ALTDIRFUNC flag. This triggers an uninitialized pointer dereference. The vulnerability is also associated with resource release errors. Exploitation may allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 5.14.2, update to version 5.14.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of the GLOB ALTDIRFUNC flag in the bsd glob function until a patch is available. Restrict access to the bsd glob function to minimize the risk of exploitation. Avoid using the bsd glob function with untrusted input until the issue is resolved.