CVE-2018-6797

Published: 14 April 2018

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: perl (Launchpad, Ubuntu, Debian)

Release and status:
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (5.26.1-6)
Ubuntu 16.04 LTS (Xenial Xerus): Released (5.22.1-9ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr): Ignored

Patches:
Upstream: https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2 (5.24)
Upstream: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 (5.26)

Notes

Author: Note
ratliff: Fix developed by Yves Orton and Karl Williamson
mdeslaur: code is different in trusty, backport difficult and prone to introducing regressions. Marking as ignored.

References

Bugs