CVE-2018-12015 — Link Following in Perl

CWE-59 — Link Following CWE-22 — Path Traversal13 documents9 sources

Severity

7.5HIGHNVD

EPSS

16.0%

top 5.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Apple MAC OS X Canonical Ubuntu Linux +1 more

Timeline

PublishedJun 7

Latest updateMay 13

Description

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianperl/perl< 5.26.2-6+3

▶NVDperl/perl5.26.2

▶NVDapple/mac_os_x< 10.14.4

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-44r9-882w-xw5m: In Perl through 5↗2022-05-13

▶

CVEList

CVE-2018-12015: In Perl through 5↗2018-06-07

▶

OSV

CVE-2018-12015: In Perl through 5↗2018-06-07

▶

📋Vendor Advisories

Apple

CVE-2018-12015: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra↗2019-03-25

▶

Ubuntu

Perl vulnerability↗2018-06-13

▶

Ubuntu

Perl vulnerability↗2018-06-13

▶

Red Hat

perl: Directory traversal in Archive::Tar↗2018-06-07

▶

Debian

CVE-2018-12015: perl - In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypas...↗2018

▶

💬Community

Bugzilla

CVE-2018-12015 perl-Archive-Tar: perl: Directory traversal in Archive::Tar [fedora-all]↗2018-06-14

▶

Bugzilla

CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip↗2018-06-14

▶

Bugzilla

CVE-2018-12015 perl-Archive-Tar: perl: Directory traversal in Archive::Tar [fedora-all]↗2018-06-07

▶

Bugzilla

CVE-2018-12015 perl: Directory traversal in Archive::Tar↗2018-06-07

▶