CVE-2018-6913
Published 2018-04-17
CVE-2018-6913: Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Priority: P3 55 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 10.87% (95.3th percentile)
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | perl | < perl 5.26.1-6 (bookworm) | perl 5.26.1-6 (bookworm) |
| perl | perl | < 5.26.2 | 5.26.2 |
| perl | perl | >= 0 < 5.26.1-6 | 5.26.1-6 |
| perl | perl | >= 0 < 5.26.1-6 | 5.26.1-6 |
| perl | perl | >= 0 < 5.26.1-6 | 5.26.1-6 |
| perl | perl | >= 0 < 5.26.1-6 | 5.26.1-6 |
| perl | perl | >= 0 < 5.18.2-2ubuntu1.4 | 5.18.2-2ubuntu1.4 |
| perl | perl | >= 0 < 5.22.1-9ubuntu0.3 | 5.22.1-9ubuntu0.3 |
CVSS provenance
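| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |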
Apple
CVE-2018-6913: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
vendor_apple·2018-07-09·CVSS 9.8
CVE-2018-6913 [CRITICAL] CVE-2018-6913: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Product: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
CVE: CVE-2018-6913
Component: Perl
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved memory handling.
Ubuntu
Perl vulnerabilities
vendor_ubuntu·2018-04-17·CVSS 7.5
CVE-2015-8853 [HIGH] Perl vulnerabilities
Title: Perl vulnerabilities
Summary: Several security issues were fixed in Perl.
USN-3625-1 fixed a vulnerability in Perl. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Perl incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause Perl to
hang, resulting in a denial of service. (CVE-2015-8853)
It was discovered that Perl incorrectly loaded libraries from the current
working directory. A local attacker could possibly use this issue to
execute arbitrary code. (CVE-2016-6185)
It was discovered that Perl incorrectly handled the rmtree and remove_tree
functions. A local attacker could possibly use this issue to set the mode
on arbitrary files. (CVE-2017-6512)
GwanYeong Kim d
Ubuntu
Perl vulnerabilities
vendor_ubuntu·2018-04-16·CVSS 7.5
CVE-2015-8853 [HIGH] Perl vulnerabilities
Title: Perl vulnerabilities
Summary: Several security issues were fixed in Perl.
It was discovered that Perl incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause Perl to
hang, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS. (CVE-2015-8853)
It was discovered that Perl incorrectly loaded libraries from the current
working directory. A local attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-6185)
It was discovered that Perl incorrectly handled the rmtree and remove_tree
functions. A local attacker could possibly use this issue to set the mode
on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS.
Red Hat
perl: heap buffer overflow in pp_pack.c
vendor_redhat·2018-04-14·CVSS 9.8
CVE-2018-6913 [CRITICAL] CWE-122 perl: heap buffer overflow in pp_pack.c
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
It was found that the pack() function in the 32-bit version of the perl interpreter was vulnerable to heap buffer overflow via the packing template. An attacker, able to provide a specially crafted template, could use this flaw to crash the interpreter.
Statement: The 64-bit versions of perl have not been found to be affected. As a result, this issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 7, and the versions of rh-perl526-perl, rh-perl524-perl and rh-perl520-perl as shipped with Red Hat Software Collections.
This issue affects the 32bit versions of perl as s
Debian
CVE-2018-6913: perl - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows con...
vendor_debian·2018·CVSS 9.8
CVE-2018-6913 [CRITICAL] CVE-2018-6913: perl - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows con...
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Scope: local
bookworm: resolved (fixed in 5.26.1-6)
bullseye: resolved (fixed in 5.26.1-6)
forky: resolved (fixed in 5.26.1-6)
sid: resolved (fixed in 5.26.1-6)
trixie: resolved (fixed in 5.26.1-6)
GHSA
GHSA-wrx2-mfgr-hgr7: Heap-based buffer overflow in the pack function in Perl before 5
ghsa_unreviewed·2022-05-13
CVE-2018-6913 [CRITICAL] CWE-787 GHSA-wrx2-mfgr-hgr7: Heap-based buffer overflow in the pack function in Perl before 5
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
OSV
CVE-2018-6913: Heap-based buffer overflow in the pack function in Perl before 5
osv·2018-04-17·CVSS 9.8
CVE-2018-6913 [CRITICAL] CVE-2018-6913: Heap-based buffer overflow in the pack function in Perl before 5
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
OSV
perl vulnerabilities
osv·2018-04-16·CVSS 7.5
CVE-2015-8853 [HIGH] perl vulnerabilities
It was discovered that Perl incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause Perl to
hang, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS. (CVE-2015-8853)
It was discovered that Perl incorrectly loaded libraries from the current
working directory. A local attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-6185)
It was discovered that Perl incorrectly handled the rmtree and remove_tree
functions. A local attacker could possibly use this issue to set the mode
on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-6512)
Brian Carpenter discovered that Perl incorre
No detection rules found.
No public exploits indexed.
HackerOne
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
hackerone·2018-10-31·CVSS 9.8
CVE-2018-6913 [CRITICAL] [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
pack() may cause a heap buffer write overflow with a large item count.
* Reported to the [Perl security mailing list](https://rt.perl.org/Public/Bug/Display.html?id=131844) on 5 Aug 2017.
* Confirmed as a security flaw by TonyC on 30 Jan 2018
* CVE-2018-6913 assigned to this flaw on 11 Feb 2018
* [Public security advisory](https://github.com/Perl/perl5/blob/blead/pod/perl5262delta.pod) released on 14 April 2018
```
==2895==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb610081c at pc 0x08a72387 bp 0xbfea6038 sp 0xbfea602c
WRITE of size 4 at 0xb610081c thread T0
#0 0x8a72386 in S_pack_rec /root/karas/perl5-blead/pp_pack.c:2703:17
#1 0x8a42706 in Perl_packlist /root/karas/perl5-blead/pp_pack.c:1980:11
#2 0x8a73626 in Perl_pp_p
```
Bugzilla
CVE-2018-6913 perl: heap buffer overflow in pp_pack.c [fedora-all]
bugzilla·2018-04-16·CVSS 9.8
CVE-2018-6913 [CRITICAL] CVE-2018-6913 perl: heap buffer overflow in pp_pack.c [fedora-all]
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
```
# bugfix, security, enhancement, newpackage (required)
type=security
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1547772,1567776
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this marked as stable
close_bugs=True
# Suggest that users restart after update
suggest_r
```
Bugzilla
CVE-2018-6913 perl: heap buffer overflow in pp_pack.c
bugzilla·2018-02-21·CVSS 9.8
CVE-2018-6913 [CRITICAL] CVE-2018-6913 perl: heap buffer overflow in pp_pack.c
A flaw was found in Perl 5. Vulnerable code in pp_pack.c file accepts either large blocks of data from untrusted sources and/or duplicates such blocks, which allows an attacker to exploit this vulnerability at runtime by supplying malicious crafted data. This could result in a denial-of-service (DoS) attack.
Discussion:
Reproducer for 32-bit architecture:
```
$ perl -e 'pack "c10f1073741823"'
Segmentation fault (core dumped)
```
---
Perl 5 Porters published the fix for Perl 5.26.1 at and in Perl-5.26.2-RC1 and 5.24.4-RC1 tar balls.
---
Created perl tracking bugs for this issue:
Affects: fedora-all [bug 1567776]
---
Upstream fix:
- (perl #131844) fix various space calculation issues in pp_pack.c
https://perl5.git.perl.org/perl.git/com
http://www.securityfocus.com/bid/103953
http://www.securitytracker.com/id/1040681
https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html
https://rt.perl.org/Public/Bug/Display.html?id=131844
https://security.gentoo.org/glsa/201909-01
https://usn.ubuntu.com/3625-1/
https://usn.ubuntu.com/3625-2/
https://www.debian.org/security/2018/dsa-4172
https://www.oracle.com/security-alerts/cpujul2020.html