CVE-2018-18312

Published: 29 November 2018

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: perl (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (5.28.1-1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (5.26.1-6ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus): Released (5.22.1-9ubuntu0.6)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (5.18.2-2ubuntu1.6)

Notes

Author: Note

upstream: 5.18 - 5.28

mdeslaur: looks to me like this was introduced by:
https://perl5.git.perl.org/perl.git/commit/6798c95dd27b33efd71f394c18649af7bbaf42b7
trusty doesn't look affected
