Description
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale-dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
A heap buffer over-read flaw was found in the way the Perl regular expression engine handled inputs with invalid UTF-8 characters. An attacker able to provide a specially crafted input to be matched against a regular expression could cause the Perl interpreter to crash or disclose a portion of its memory.
Statement
Versions of the perl interpreter older than 5.22 are not vulnerable. As a result, the versions of perl as shipped in Red Hat Enterprise Linux versions 7, 6 and 5, as well as the versions of rh-perl520-perl as shipped with Red Hat Software Collections, are not affected by this vulnerability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | perl | Not affected | ||
| Red Hat Enterprise Linux 6 | perl | Not affected | ||
| Red Hat Enterprise Linux 7 | perl | Not affected | ||
| Red Hat Enterprise Linux 8 | perl | Not affected | ||
| Red Hat Software Collections | rh-perl520-perl | Not affected | ||
| Red Hat Software Collections | rh-perl526-perl | Not affected | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-perl524-perl | Fixed | RHSA-2018:1192 | 23.04.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-perl524-perl | Fixed | RHSA-2018:1192 | 23.04.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-perl524-perl | Fixed | RHSA-2018:1192 | 23.04.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | rh-perl524-perl | Fixed | RHSA-2018:1192 | 23.04.2018 |
Additional information
Status:
7.5 High
CVSS3