Buffer Overflow Vulnerability in Perl by The Perl Foundation
CVE-2018-18311

9.8CRITICAL

Key Information:

Vendor: Perl
Status: Perl
Vendor: CVE Published:; 7 December 2018

Summary

A buffer overflow vulnerability exists in Perl versions prior to 5.26.3 and 5.28.x prior to 5.28.1. This flaw is caused by improper handling of crafted regular expressions, leading to potential invalid write operations in memory. An attacker could exploit this vulnerability to trigger unexpected behavior or crashes in applications using affected Perl versions.

References

https://lists.debian.org/debian-lts-announce/2018/11/msg0...

mailing-listx_refsource_MLIST

https://www.debian.org/security/2018/dsa-4347

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/106145

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2018
Vulnerability Reserved
Oct 14, 2018

.

CVE-2018-18311 : Buffer Overflow Vulnerability in Perl by The Perl Foundation | SecurityVulnerability.io