Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-18312

Published: 29 November 2018

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Notes

AuthorNote
upstream 
5.18 - 5.28
mdeslaur 
looks to me like this was introduced by:
https://perl5.git.perl.org/perl.git/commit/6798c95dd27b33efd71f394c18649af7bbaf42b7
trusty doesn't look affected

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian 		bionic
Released (5.26.1-6ubuntu0.3)
cosmic
Released (5.26.2-7ubuntu0.1)
precise Not vulnerable

trusty Not vulnerable
(5.18.2-2ubuntu1.6)
upstream
Released (5.28.1-1)
xenial
Released (5.22.1-9ubuntu0.6)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading