PT-2018-2510 · Perl+5 · Perl+5

Published 2018-05-15 · Updated 2024-06-15 · CVE-2018-18311

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Perl versions prior to 5.26.3
Perl versions 5.28.x prior to 5.28.1

Description

The issue is related to errors in handling regular expressions, leading to buffer overflow due to unchecked input data size, resulting in integer overflow. This can allow a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations

For Perl versions prior to 5.26.3, update to version 5.26.3 or later. For Perl versions 5.28.x prior to 5.28.1, update to version 5.28.1 or later. As a temporary workaround, consider restricting the use of crafted regular expressions that may trigger the buffer overflow until a patch is available.

Fix

Integer Overflow

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1131
BDU:2019-00880
CESA-2019_0109
CVE-2018-18311
DLA-1601-1
DSA-4347-1
OPENSUSE-SU-2018_4258-1
OPENSUSE-SU-2024:11158-1
RHSA-2019:0001
RHSA-2019:0010
RHSA-2019:0109
RHSA-2019:1790
RHSA-2019:1942
RHSA-2019:2400
RHSA-2019_0109
RHSA-2026:7604
SUSE-SU-2018:4187-1
SUSE-SU-2018_4187-1
SUSE-SU-2019:2264-1
SUSE-SU-2019_2264-1
USN-3834-1
USN-3834-2

Affected Products

ALT Linux
CentOS
Perl
Red Hat
SUSE
Ubuntu