CVE-2018-18311

CWE-190 — Integer Overflow CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow13 documents10 sources

Severity

9.8CRITICAL

EPSS

11.4%

top 6.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Mcafee WEB Gateway Perl Perl +11 more

Timeline

PublishedDec 7

Latest updateMay 13

Description

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDperl/perl5.28.0 — 5.28.1+1

▶Debianperl< 5.28.1-1+3

▶Ubuntuperl< 5.18.2-2ubuntu1.7+2

▶NVDapple/mac_os_x< 10.14.4

▶NVDmcafee/web_gateway7.7.2 — 7.7.2.21+2

Also affects: Debian Linux 8.0, 9.0, Fedora 29, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, Enterprise Linux 6.0, 7.0, 7.4, 7.5, 7.6, Openshift Container Platform 3.11

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-qr73-9894-ffxf: Perl before 5↗2022-05-13

▶

CVEList

CVE-2018-18311: Perl before 5↗2018-12-07

▶

OSV

CVE-2018-18311: Perl before 5↗2018-12-07

▶

OSV

perl vulnerabilities↗2018-12-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Install (Perl) — CVE-2018-18311↗2020-04-15

▶

Apple

CVE-2018-18311: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra↗2019-03-25

▶

Ubuntu

Perl vulnerabilities↗2018-12-03

▶

Ubuntu

Perl vulnerabilities↗2018-12-03

▶

Red Hat

perl: Integer overflow leading to buffer overflow in Perl_my_setenv()↗2018-11-29

▶

💬Community

Bugzilla

CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() [fedora-all]↗2018-11-30

▶

Bugzilla

CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()↗2018-11-05

▶