in reply to UTF8 related proof of concept exploit released at T-DOSE

Because this is probably a side effect of something

I'm not sure what you mean. My guess is that it comes from the internals when the regex engine tries to read a codepoint from the string, since its not valid it dies.

The solution is very simple: do not use :utf8, but use :encoding(UTF8) (or for strict Unicode compliant UTF-8, use :encoding(UTF-8) (same, but with a hyphen)), as should have been done in the first place.

Thats really crappy. Its huffman coded all wrong. IMO this should be raised on perl5porters with some thought to changing it for the better.