CVE-2018-6913Out-of-bounds Write in Perl

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow13 documents10 sources
Severity
9.8CRITICALNVD
OSV7.5
EPSS
3.9%
top 11.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
PerlDebian PerlApple Macos High Sierra 10.13.6 Security Update 2018-004 Sierra Security Update 2018-0+2 more
Timeline
PublishedApr 17
Latest updateMay 13

Description

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDperl/perl< 5.26.2
debiandebian/perl< perl 5.26.1-6 (bookworm)
Debianperl/perl< 5.26.1-6+3
Ubuntuperl/perl< 5.18.2-2ubuntu1.4+1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

🔴Vulnerability Details

4
GHSA
GHSA-wrx2-mfgr-hgr7: Heap-based buffer overflow in the pack function in Perl before 52022-05-13
OSV
CVE-2018-6913: Heap-based buffer overflow in the pack function in Perl before 52018-04-17
CVEList
CVE-2018-6913: Heap-based buffer overflow in the pack function in Perl before 52018-04-17
OSV
perl vulnerabilities2018-04-16

📋Vendor Advisories

5
Apple
CVE-2018-6913: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan2018-07-09
Ubuntu
Perl vulnerabilities2018-04-17
Ubuntu
Perl vulnerabilities2018-04-16
Red Hat
perl: heap buffer overflow in pp_pack.c2018-04-14
Debian
CVE-2018-6913: perl - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows con...2018

💬Community

3
HackerOne
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec2018-10-31
Bugzilla
CVE-2018-6913 perl: heap buffer overflow in pp_pack.c [fedora-all]2018-04-16
Bugzilla
CVE-2018-6913 perl: heap buffer overflow in pp_pack.c2018-02-21