CVE-2018-18311

Name
CVE-2018-18311
Description
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://www.debian.org/security/2018/dsa-4347
Third Party Advisory https://usn.ubuntu.com/3834-2/
Issue Tracking https://rt.perl.org/Ticket/Display.html?id=133204
Third Party Advisory https://metacpan.org/changes/release/SHAY/perl-5.28.1
Third Party Advisory https://metacpan.org/changes/release/SHAY/perl-5.26.3
Product https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
Mailing List https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html
Patch https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1646730
Third Party Advisory http://www.securitytracker.com/id/1042181
Third Party Advisory https://usn.ubuntu.com/3834-1/
Third Party Advisory http://www.securityfocus.com/bid/106145
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0010
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0001
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0109
Third Party Advisory https://security.netapp.com/advisory/ntap-20190221-0003/
Third Party Advisory https://support.apple.com/kb/HT209600
Mailing List https://seclists.org/bugtraq/2019/Mar/42
Mailing List http://seclists.org/fulldisclosure/2019/Mar/49
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10278
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327
REDHAT https://access.redhat.com/errata/RHSA-2019:1790
MISC https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
REDHAT https://access.redhat.com/errata/RHSA-2019:1942
REDHAT https://access.redhat.com/errata/RHSA-2019:2400
GENTOO https://security.gentoo.org/glsa/201909-01
N/A https://www.oracle.com/security-alerts/cpuapr2020.html
MISC https://www.oracle.com/security-alerts/cpujul2020.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* perl >= None < 5.26.3
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* perl >= 5.28.0 < 5.28.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
perl edge-main 5.26.3-r0 None fixed
perl edge-main 5.26.2-r1 None possibly vulnerable
perl edge-main 5.26.2-r0 None possibly vulnerable
perl edge-main 5.26.1-r0 None possibly vulnerable
perl 3.22-main 5.26.3-r0 None fixed
perl 3.22-main 5.26.2-r1 None possibly vulnerable
perl 3.22-main 5.26.2-r0 None possibly vulnerable
perl 3.22-main 5.26.1-r0 None possibly vulnerable
perl 3.21-main 5.26.3-r0 None fixed
perl 3.21-main 5.26.2-r1 None possibly vulnerable
perl 3.21-main 5.26.2-r0 None possibly vulnerable
perl 3.21-main 5.26.1-r0 None possibly vulnerable
perl 3.20-main 5.26.3-r0 None fixed
perl 3.20-main 5.26.2-r1 None possibly vulnerable
perl 3.20-main 5.26.2-r0 None possibly vulnerable
perl 3.20-main 5.26.1-r0 None possibly vulnerable
perl 3.19-main 5.26.3-r0 None fixed
perl 3.19-main 5.26.2-r1 None possibly vulnerable
perl 3.19-main 5.26.2-r0 None possibly vulnerable
perl 3.19-main 5.26.1-r0 None possibly vulnerable
perl 3.18-main 5.26.3-r0 None fixed
perl 3.17-main 5.26.3-r0 None fixed
perl 3.12-main 5.26.3-r0 None fixed
perl 3.11-main 5.26.3-r0 None fixed
perl 3.10-main 5.26.3-r0 None fixed