CVE-2018-6797

Опубликовано: 14 апр. 2018

Источник: redhat

CVSS3: 8.1

Описание

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. An attacker, with the ability to provide a specially crafted regular expression, could crash the perl interpreter, or possibly execute arbitrary code.

Отчет

Versions of the perl interpreter older than 5.18 are not vulnerable. As a result, the versions of perl as shipped in Red Hat Enterprise Linux version 7, 6 and 5 are not affected by this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	perl	Not affected
Red Hat Enterprise Linux 6	perl	Not affected
Red Hat Enterprise Linux 7	perl	Not affected
Red Hat Enterprise Linux 8	perl	Not affected
Red Hat Software Collections	rh-perl520-perl	Will not fix
Red Hat Software Collections	rh-perl526-perl	Not affected
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-perl524-perl	Fixed	RHSA-2018:1192	23.04.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	rh-perl524-perl	Fixed	RHSA-2018:1192	23.04.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-perl524-perl	Fixed	RHSA-2018:1192	23.04.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS	rh-perl524-perl	Fixed	RHSA-2018:1192	23.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=1547783perl: heap write overflow in regcomp.c

8.1 High

CVSS3

Связанные уязвимости

CVE-2018-6797

CVSS3: 9.8

ubuntu

почти 8 лет назад

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

CVE-2018-6797

CVSS3: 9.8

nvd

почти 8 лет назад

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

CVE-2018-6797

CVSS3: 9.8

debian

почти 8 лет назад

An issue was discovered in Perl 5.18 through 5.26. A crafted regular e ...

GHSA-8qqx-9gj6-xx9p

CVSS3: 9.8

github

больше 3 лет назад

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

openSUSE-SU-2018:1095-1

suse-cvrf

почти 8 лет назад

Security update for perl

8.1 High

CVSS3