CVE-2018-6797: Out-of-bounds Write in Perl

CWE-787: Out-of-bounds Write | 14 documents | 10 sources
Severity: 9.8 CRITICAL (NVD), 7.5 (OSV)
EPSS: 1.5% (top 19.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17, latest update May 13

Description

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (5 packages)

Debian: perl/perl < 5.26.1-6+3
Ubuntu: perl/perl < 5.18.2-2ubuntu1.4+1
NVD: perl/perl 5.18 - 5.26

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 17.10

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-8qqx-9gj6-xx9p: An issue was discovered in Perl 5 (2022-05-13)
CVEList
CVE-2018-6797: An issue was discovered in Perl 5 (2018-04-17)
OSV
CVE-2018-6797: An issue was discovered in Perl 5 (2018-04-17)
OSV
perl vulnerabilities (2018-04-16)

📋 Vendor Advisories (5)

Apple
CVE-2018-6797: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra (2018-10-30)
Apple
CVE-2018-6797: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan (2018-07-09)
Ubuntu
Perl vulnerabilities (2018-04-16)
Red Hat
perl: heap write overflow in regcomp.c (2018-04-14)
Debian
CVE-2018-6797: perl - An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression ... (2018)

💬 Community (4)

HackerOne
Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak (2019-10-24)
HackerOne
CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written (2018-05-19)
Bugzilla
CVE-2018-6797 perl: heap write overflow in regcomp.c [fedora-all] (2018-04-16)
Bugzilla
CVE-2018-6797 perl: heap write overflow in regcomp.c (2018-02-21)