ID CVE-2018-6797
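Summary An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. Exposure therefore depends on whether an application compiles regular-expression patterns that come from untrusted input; the match subject alone is not the trigger described here.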
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.20.0:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.20.0:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.20.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.20.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.20.2:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.20.2:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.20.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.20.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.20.3:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.20.3:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.5:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.6:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.6:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.7:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.7:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.8:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.8:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.9:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.9:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.10:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.10:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.21.11:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.21.11:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.0:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.0:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.1:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.1:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.1:rc3:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.1:rc4:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.2:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.2:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.3:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.3:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.3:rc3:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.3:rc4:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.3:rc4:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.3:rc5:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.3:rc5:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.4:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.4:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.22.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.22.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.4:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.5:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.5:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.6:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.6:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.7:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.7:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.8:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.8:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.23.9:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.23.9:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.0:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.0:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.1:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.1:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.1:rc3:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.1:rc4:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.1:rc5:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.1:rc5:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.2:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.2:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.3:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.3:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.4:-:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.4:-:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.24.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.24.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.4:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.4:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.5:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.5:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.6:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.6:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.7:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.7:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.8:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.8:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.9:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.9:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.10:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.10:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.11:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.11:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.25.12:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.25.12:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (CVSS v2 score, per the AV/AC/Au vector format listed below; as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector | Complexity | Authentication
NETWORK LOW NONE
Impact
Confidentiality | Integrity | Availability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2018:1192
rpms
  • rh-perl524-perl-4:5.24.0-380.el6
  • rh-perl524-perl-4:5.24.0-380.el7
  • rh-perl524-perl-Attribute-Handlers-0:0.99-380.el6
  • rh-perl524-perl-Attribute-Handlers-0:0.99-380.el7
  • rh-perl524-perl-Devel-Peek-0:1.23-380.el6
  • rh-perl524-perl-Devel-Peek-0:1.23-380.el7
  • rh-perl524-perl-Devel-SelfStubber-0:1.05-380.el6
  • rh-perl524-perl-Devel-SelfStubber-0:1.05-380.el7
  • rh-perl524-perl-Errno-0:1.25-380.el6
  • rh-perl524-perl-Errno-0:1.25-380.el7
  • rh-perl524-perl-ExtUtils-Embed-0:1.33-380.el6
  • rh-perl524-perl-ExtUtils-Embed-0:1.33-380.el7
  • rh-perl524-perl-ExtUtils-Miniperl-0:1.05-380.el6
  • rh-perl524-perl-ExtUtils-Miniperl-0:1.05-380.el7
  • rh-perl524-perl-IO-0:1.36-380.el6
  • rh-perl524-perl-IO-0:1.36-380.el7
  • rh-perl524-perl-IO-Zlib-1:1.10-380.el6
  • rh-perl524-perl-IO-Zlib-1:1.10-380.el7
  • rh-perl524-perl-Locale-Maketext-Simple-1:0.21-380.el6
  • rh-perl524-perl-Locale-Maketext-Simple-1:0.21-380.el7
  • rh-perl524-perl-Math-BigInt-FastCalc-0:0.40-380.el6
  • rh-perl524-perl-Math-BigInt-FastCalc-0:0.40-380.el7
  • rh-perl524-perl-Math-BigRat-0:0.2608.02-380.el6
  • rh-perl524-perl-Math-BigRat-0:0.2608.02-380.el7
  • rh-perl524-perl-Math-Complex-0:1.59-380.el6
  • rh-perl524-perl-Math-Complex-0:1.59-380.el7
  • rh-perl524-perl-Memoize-0:1.03-380.el6
  • rh-perl524-perl-Memoize-0:1.03-380.el7
  • rh-perl524-perl-Module-Loaded-1:0.08-380.el6
  • rh-perl524-perl-Module-Loaded-1:0.08-380.el7
  • rh-perl524-perl-Net-Ping-0:2.43-380.el6
  • rh-perl524-perl-Net-Ping-0:2.43-380.el7
  • rh-perl524-perl-Pod-Html-0:1.22-380.el6
  • rh-perl524-perl-Pod-Html-0:1.22-380.el7
  • rh-perl524-perl-SelfLoader-0:1.23-380.el6
  • rh-perl524-perl-SelfLoader-0:1.23-380.el7
  • rh-perl524-perl-Test-0:1.28-380.el6
  • rh-perl524-perl-Test-0:1.28-380.el7
  • rh-perl524-perl-Time-Piece-0:1.31-380.el6
  • rh-perl524-perl-Time-Piece-0:1.31-380.el7
  • rh-perl524-perl-bignum-0:0.42-380.el6
  • rh-perl524-perl-bignum-0:0.42-380.el7
  • rh-perl524-perl-core-0:5.24.0-380.el6
  • rh-perl524-perl-core-0:5.24.0-380.el7
  • rh-perl524-perl-debuginfo-4:5.24.0-380.el6
  • rh-perl524-perl-debuginfo-4:5.24.0-380.el7
  • rh-perl524-perl-devel-4:5.24.0-380.el6
  • rh-perl524-perl-devel-4:5.24.0-380.el7
  • rh-perl524-perl-libnetcfg-4:5.24.0-380.el6
  • rh-perl524-perl-libnetcfg-4:5.24.0-380.el7
  • rh-perl524-perl-libs-4:5.24.0-380.el6
  • rh-perl524-perl-libs-4:5.24.0-380.el7
  • rh-perl524-perl-macros-4:5.24.0-380.el6
  • rh-perl524-perl-macros-4:5.24.0-380.el7
  • rh-perl524-perl-open-0:1.10-380.el6
  • rh-perl524-perl-open-0:1.10-380.el7
  • rh-perl524-perl-tests-4:5.24.0-380.el6
  • rh-perl524-perl-tests-4:5.24.0-380.el7
  • rh-perl524-perl-utils-0:5.24.0-380.el6
  • rh-perl524-perl-utils-0:5.24.0-380.el7
refmap via4
confirm https://rt.perl.org/Public/Bug/Display.html?id=132227
debian DSA-4172
gentoo GLSA-201909-01
misc https://www.oracle.com/security-alerts/cpujul2020.html
sectrack
  • 1040681
  • 1042004
ubuntu USN-3625-1
Last major update 24-08-2020 - 17:37
Published 17-04-2018 - 20:29
Last modified 24-08-2020 - 17:37