Vulnerability Details : CVE-2018-18312
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Vulnerability category: Overflow
Products affected by CVE-2018-18312
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- Netapp » E-series Santricity Os ControllerVersions from including (>=) 11.0 and up to, including, (<=) 11.40cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18312
2.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-18312
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-18312
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-18312
-
https://rt.perl.org/Public/Bug/Display.html?id=133423
Bug #133423 for perl5: [CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun (perl-5.28.0, 5.26.2)Exploit;Patch;Third Party Advisory
-
https://usn.ubuntu.com/3834-1/
USN-3834-1: Perl vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1646734
1646734 – (CVE-2018-18312) CVE-2018-18312 perl: Heap-based buffer overflow in S_handle_regex_sets()Issue Tracking;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0001
RHSA-2019:0001 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020
-
http://www.securitytracker.com/id/1042181
Perl Function Integer/Heap Overflows Let Local Users Obtain Potentially Sensitive Information or Remote Users Execute Arbitrary Code in Certain Cases - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201909-01
Perl: Multiple vulnerabilities (GLSA 201909-01) — Gentoo security
-
https://metacpan.org/changes/release/SHAY/perl-5.28.1
perldelta - what is new for perl v5.28.1 - metacpan.orgThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
[SECURITY] Fedora 29 Update: perl-5.28.1-425.fc29 - package-announce - Fedora Mailing-ListsProduct;Release Notes
-
https://www.debian.org/security/2018/dsa-4347
Debian -- Security Information -- DSA-4347-1 perlThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20190221-0003/
December 2018 PERL Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://metacpan.org/changes/release/SHAY/perl-5.26.3
perldelta - what is new for perl v5.26.3 - metacpan.orgThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0010
RHSA-2019:0010 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/106179
Perl CVE-2018-18312 Heap Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
Jump to