CVE-2018-18311

Published: 07/12/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Perl prior to 5.26.3 and 5.28.x prior to 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Vulnerable Product

perl perl

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

debian debian linux 9.0

netapp snap creator framework -

netapp snapcenter -

netapp e-series santricity os controller -

netapp snapdriver -

redhat enterprise linux desktop 7.0

redhat enterprise linux 7.4

redhat enterprise linux workstation 7.0

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux server 7.0

redhat enterprise linux 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat openshift container platform 3.11

redhat enterprise linux eus 7.6

redhat enterprise linux 7.6

apple mac os x

fedoraproject fedora 29

mcafee web gateway

Vendor Advisories

Several security issues were fixed in Perl ...
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-18311: Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflo ...
Synopsis: Important: perl security update. Type/Severity: Security Advisory: Important. Topic: An update for perl is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: perl security update. Type/Severity: Security Advisory: Important. Topic: An update for perl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutio ...
Synopsis: Important: perl security update. Type/Severity: Security Advisory: Important. Topic: An update for perl is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: rh-perl526-perl security and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for rh-perl526-perl and rh-perl526-perl-Module-CoreList is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Important: rh-perl524-perl security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-perl524-perl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
Synopsis: Important: perl security update. Type/Severity: Security Advisory: Important. Topic: An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations (CVE-2018-18311) ...
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations ...

References

CWE-787
CWE-190
https://www.debian.org/security/2018/dsa-4347
https://usn.ubuntu.com/3834-2/
https://rt.perl.org/Ticket/Display.html?id=133204
https://metacpan.org/changes/release/SHAY/perl-5.28.1
https://metacpan.org/changes/release/SHAY/perl-5.26.3
https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
https://bugzilla.redhat.com/show_bug.cgi?id=1646730
http://www.securitytracker.com/id/1042181
https://usn.ubuntu.com/3834-1/
http://www.securityfocus.com/bid/106145
https://access.redhat.com/errata/RHSA-2019:0010
https://access.redhat.com/errata/RHSA-2019:0001
https://access.redhat.com/errata/RHSA-2019:0109
https://security.netapp.com/advisory/ntap-20190221-0003/
https://support.apple.com/kb/HT209600
https://seclists.org/bugtraq/2019/Mar/42
http://seclists.org/fulldisclosure/2019/Mar/49
https://kc.mcafee.com/corporate/index?page=content&id=SB10278
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2019:1790
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://access.redhat.com/errata/RHSA-2019:1942
https://access.redhat.com/errata/RHSA-2019:2400
https://security.gentoo.org/glsa/201909-01
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
https://nvd.nist.gov