9.1

CVE-2018-18313

Exploit
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerlPerl Version < 5.26.3
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version9.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version7.4
RedhatEnterprise Linux Version7.5
RedhatEnterprise Linux Version7.6
NetappE-series Santricity Os Controller Version >= 11.0 <= 11.40
NetappSnapcenter Version-
NetappSnapdrive Version- SwPlatformunix
ApplemacOS X Version < 10.14.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.52% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpujul2020.html
https://security.gentoo.org/glsa/201909-01
http://seclists.org/fulldisclosure/2019/Mar/49
Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/42
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT209600
Third Party Advisory
http://www.securitytracker.com/id/1042181
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0001
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0010
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
https://metacpan.org/changes/release/SHAY/perl-5.26.3
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190221-0003/
Third Party Advisory
https://usn.ubuntu.com/3834-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4347
Third Party Advisory
https://usn.ubuntu.com/3834-2/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1646738
Patch
Third Party Advisory
Issue Tracking
https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
Patch
Third Party Advisory
https://rt.perl.org/Ticket/Display.html?id=133192
Third Party Advisory
Exploit