CVE-2018-6798

Impact: Moderate
Public Date: 2018-04-14
CWE: CWE-125
Bugzilla: 1547779: CVE-2018-6798 perl: heap read overflow in regexec.c

A heap buffer over-read flaw was found in the way the Perl regular expression engine handled inputs with invalid UTF-8 characters. An attacker able to provide a specially crafted input to be matched against a regular expression could cause the Perl interpreter to crash or disclose a portion of its memory.

Find out more about CVE-2018-6798 from the MITRE CVE dictionary and NIST NVD.

Statement

Versions of the perl interpreter older than 5.22 are not vulnerable. As a result, the versions of perl as shipped in Red Hat Enterprise Linux versions 7, 6 and 5, as well as the versions of rh-perl520-perl as shipped with Red Hat Software Collections, are not affected by this vulnerability.

CVSS v3 metrics

CVSS3 Base Score: 7.5
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-perl524-perl) | RHSA-2018:1192 | 2018-04-23
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-perl524-perl) | RHSA-2018:1192 | 2018-04-23

Affected Packages State

Platform | Package | State
Red Hat Software Collections for Red Hat Enterprise Linux | rh-perl526-perl | Affected
Red Hat Software Collections for Red Hat Enterprise Linux | rh-perl520-perl | Not affected
Red Hat Enterprise Linux 7 | perl | Not affected
Red Hat Enterprise Linux 6 | perl | Not affected
Red Hat Enterprise Linux 5 | perl | Not affected

Acknowledgements

Red Hat would like to thank Perl 5 Porters for reporting this issue. Upstream acknowledges Nguyen Duc Manh as the original reporter.
