Perl CVE-2018-18313 Heap Buffer Overflow Vulnerability

Bugtraq ID:	106072
Class:	Boundary Condition Error
CVE:	CVE-2018-18313
Remote:	Yes
Local:	No
Published:	Nov 05 2018 12:00AM
Updated:	Nov 05 2018 12:00AM
Credit:	Eiichi Tsukata
Vulnerable:	Redhat Software Collections for RHEL 0 Perl Perl 5.26 Perl Perl 5.24 Perl Perl 5.22
Not Vulnerable:	Perl Perl 5.28.1 Perl Perl 5.26.3

Perl CVE-2018-18313 Heap Buffer Overflow Vulnerability

Perl is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition.

Perl versions 5.22 through 5.26 are vulnerable.

Perl CVE-2018-18313 Heap Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Perl CVE-2018-18313 Heap Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Perl CVE-2018-18313 Heap Buffer Overflow Vulnerability

References:

• Perl Homepage (Perl)
  
• Bug 1646738 - (CVE-2018-18313) CVE-2018-18313 perl: Heap-buffer-overflow read i (Red Hat Bugzilla)
  
• regcomp.c: Convert some strchr to memchr (Github)
  
• CVE-2018-18313 (Redhat)