A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. An attacker, with the ability to provide a specially crafted regular expression, could crash the perl interpreter, or possibly execute arbitrary code.
Find out more about CVE-2018-6797 from the MITRE CVE dictionary and
Versions of the perl interpreter older than 5.18 are not vulnerable. As a result, the versions of perl shipped in Red Hat Enterprise Linux versions 7, 6 and 5 are not affected by this vulnerability.
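The 5.18 lower bound stated above, as an added triage check (example code, not part of the Red Hat advisory). The function name `perl_predates_5_18` is hypothetical and the sample versions are constructed; the statement gives no fixed version, so the check only answers whether a perl predates the vulnerable code.

```shell
#!/bin/sh
# Added example (not Red Hat's code): test a perl version string against the
# 5.18 lower bound from the statement above.

# Exit status: 0 = older than 5.18, 1 = 5.18 or newer, 2 = unparseable.
# Accepts $^V style ("v5.16.3", "5.8.8") and $] style ("5.016003").
perl_predates_5_18() {
    _v=${1#v}
    _major=${_v%%.*}
    _rest=${_v#*.}
    case $_v in
        *.*.*) _minor=${_rest%%.*} ;;                  # 5.16.3   -> 16
        *.[0-9][0-9][0-9]*)                            # 5.016003 -> 016
            _minor=$(printf '%s' "$_rest" | cut -c1-3) ;;
        *.*) _minor=$_rest ;;                          # 5.8      -> 8
        *) return 2 ;;
    esac
    [ -n "$_major" ] && [ -n "$_minor" ] || return 2
    case $_major$_minor in *[!0-9]*) return 2 ;; esac
    # Drop leading zeros so the value is a plain decimal integer ("016" -> 16).
    _minor=$(printf '%s' "$_minor" | sed 's/^0*//')
    _minor=${_minor:-0}
    # Compare components as integers: a decimal compare would rank 5.8 above 5.18.
    [ "$_major" -lt 5 ] && return 0
    [ "$_major" -eq 5 ] && [ "$_minor" -lt 18 ] && return 0
    return 1
}

# Constructed sample inputs, not taken from any real inventory.
for v in v5.16.3 5.8.8 5.010001 5.18.0 5.26.1; do
    if perl_predates_5_18 "$v"; then
        echo "$v: predates 5.18, not vulnerable per the statement"
    else
        echo "$v: 5.18 or newer, check the vendor advisory for a fixed build"
    fi
done
```

On a host, feed it the interpreter's own report, for example the output of `perl -e 'print $]'`.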