PT-2018-2510 · Perl+5 · Perl+5
Published: 2018-05-15 · Updated: 2024-06-15
CVE-2018-18311
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Perl versions prior to 5.26.3
Perl versions 5.28.x prior to 5.28.1
Description
The issue is related to errors in handling regular expressions, leading to a buffer overflow due to unchecked input data size, resulting in an integer overflow. This can allow a remote attacker to cause a denial of service or execute arbitrary code.
Recommendations
For Perl versions prior to 5.26.3, update to version 5.26.3 or later.
For Perl versions 5.28.x prior to 5.28.1, update to version 5.28.1 or later.
As a temporary workaround, consider restricting the use of crafted regular expressions that may trigger the buffer overflow until a patch is available.
Fix
Integer Overflow
Memory Corruption
Buffer Overflow
Affected products
ALT Linux
CentOS
Perl
Red Hat
SUSE
Ubuntu