9.8

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerlPerl Version < 5.26.3
PerlPerl Version >= 5.28.0 < 5.28.1
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
NetappSnapcenter Version-
NetappSnapdriver Version- SwPlatformunix
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version7.4
RedhatEnterprise Linux Version7.5
RedhatEnterprise Linux Version7.6
RedhatEnterprise Linux Eus Version7.6
ApplemacOS X Version < 10.14.4
FedoraprojectFedora Version29
McafeeWeb Gateway Version >= 7.7.2 < 7.7.2.21
McafeeWeb Gateway Version >= 7.8.2 < 7.8.2.8
McafeeWeb Gateway Version >= 8.0.0 < 8.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.68% 0.955
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://security.gentoo.org/glsa/201909-01
http://seclists.org/fulldisclosure/2019/Mar/49
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Mar/42
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT209600
Third Party Advisory
http://www.securitytracker.com/id/1042181
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0001
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0010
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
https://metacpan.org/changes/release/SHAY/perl-5.26.3
Third Party Advisory
https://metacpan.org/changes/release/SHAY/perl-5.28.1
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190221-0003/
Third Party Advisory
https://usn.ubuntu.com/3834-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4347
Third Party Advisory
http://www.securityfocus.com/bid/106145
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0109
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1790
https://access.redhat.com/errata/RHSA-2019:1942
https://access.redhat.com/errata/RHSA-2019:2400
https://bugzilla.redhat.com/show_bug.cgi?id=1646730
Patch
Third Party Advisory
Issue Tracking
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10278
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html
Third Party Advisory
Mailing List
https://rt.perl.org/Ticket/Display.html?id=133204
Third Party Advisory
Issue Tracking
https://usn.ubuntu.com/3834-2/
Third Party Advisory