CPANSA-perl-2018-18311: perl vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2018-12-07T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2018-12-07T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.8 | Severity | Critical |
Original language | Language | en | |
Also referred to |
Vulnerability Description
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Vulnerabilities
CVE-2018-18311
Vulnerability DescriptionPerl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Weakness | CWE-190 : Integer Overflow or Wraparound |
---|
Product status
Known affected
Product | Score | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
perl less than 5.26.3 |
|
||||||||||||
perl equal =5.28.0 |
|
Fixed
- perl greater than or equal 5.28.1
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2018-18311 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2018/cpansa-perl-2018-18311.json - https://www.debian.org/security/2018/dsa-4347 external
https://www.debian.org/security/2018/dsa-4347 - https://usn.ubuntu.com/3834-2/ external
https://usn.ubuntu.com/3834-2/ - https://rt.perl.org/Ticket/Display.html?id=133204 external
https://rt.perl.org/Ticket/Display.html?id=133204 - https://metacpan.org/changes/release/SHAY/perl-5.28.1 external
https://metacpan.org/changes/release/SHAY/perl-5.28.1 - https://metacpan.org/changes/release/SHAY/perl-5.26.3 external
https://metacpan.org/changes/release/SHAY/perl-5.26.3 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ external
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ - https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html external
https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html - https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be external
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be - https://bugzilla.redhat.com/show_bug.cgi?id=1646730 external
https://bugzilla.redhat.com/show_bug.cgi?id=1646730 - http://www.securitytracker.com/id/1042181 external
http://www.securitytracker.com/id/1042181 - https://usn.ubuntu.com/3834-1/ external
https://usn.ubuntu.com/3834-1/ - http://www.securityfocus.com/bid/106145 external
http://www.securityfocus.com/bid/106145 - https://access.redhat.com/errata/RHSA-2019:0010 external
https://access.redhat.com/errata/RHSA-2019:0010 - https://access.redhat.com/errata/RHSA-2019:0001 external
https://access.redhat.com/errata/RHSA-2019:0001 - https://access.redhat.com/errata/RHSA-2019:0109 external
https://access.redhat.com/errata/RHSA-2019:0109 - https://security.netapp.com/advisory/ntap-20190221-0003/ external
https://security.netapp.com/advisory/ntap-20190221-0003/ - https://support.apple.com/kb/HT209600 external
https://support.apple.com/kb/HT209600 - https://seclists.org/bugtraq/2019/Mar/42 external
https://seclists.org/bugtraq/2019/Mar/42 - http://seclists.org/fulldisclosure/2019/Mar/49 external
http://seclists.org/fulldisclosure/2019/Mar/49 - https://kc.mcafee.com/corporate/index?page=content&id=SB10278 external
https://kc.mcafee.com/corporate/index?page=content&id=SB10278 - https://access.redhat.com/errata/RHBA-2019:0327 external
https://access.redhat.com/errata/RHBA-2019:0327 - https://access.redhat.com/errata/RHSA-2019:1790 external
https://access.redhat.com/errata/RHSA-2019:1790 - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html external
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - https://access.redhat.com/errata/RHSA-2019:1942 external
https://access.redhat.com/errata/RHSA-2019:1942 - https://access.redhat.com/errata/RHSA-2019:2400 external
https://access.redhat.com/errata/RHSA-2019:2400 - https://security.gentoo.org/glsa/201909-01 external
https://security.gentoo.org/glsa/201909-01 - https://www.oracle.com/security-alerts/cpuapr2020.html external
https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujul2020.html external
https://www.oracle.com/security-alerts/cpujul2020.html - https://perldoc.perl.org/perl5281delta external
https://perldoc.perl.org/perl5281delta - https://perldoc.perl.org/perl5263delta external
https://perldoc.perl.org/perl5263delta - CVE-2018-18311 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2018-18311
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Fri Dec 7 00:00:00 2018 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/