First published: Wed Feb 21 2018
A flaw was found in Perl 5. A heap write overflow in regcomp.c might be exploited when a Perl program accepts user-supplied patterns. A crafted regular expression can cause the heap buffer overflow, with control over the bytes written.
Credit: Brian Carpenter, GwanYeong Kim, cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Perl Perl | >=5.18, <=5.26 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server | =7.3 | |
Redhat Enterprise Linux Server | =7.4 | |
Redhat Enterprise Linux Server | =7.5 | |
Redhat Enterprise Linux Server | =7.6 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Apple macOS Mojave | <10.14.1 | 10.14.1 |
Apple High Sierra | | |
Apple Sierra | | |
Apple macOS High Sierra | <10.13.6 | 10.13.6 |
Apple El Capitan | | |
redhat/perl | <5.26.2 | 5.26.2 |
redhat/perl | <5.24.4 | 5.24.4 |
debian/perl | 5.32.1-4+deb11u3 5.32.1-4+deb11u1 5.36.0-7+deb12u1 5.38.2-5 5.40.0-6 |
CVE-2018-6797 is a vulnerability in Perl 5.18 through 5.26 that allows a crafted regular expression to cause a heap-based buffer overflow.
CVE-2018-6797 has a severity rating of 9.8, which is considered critical.
CVE-2018-6797 affects Perl versions 5.18 through 5.26 on various operating systems including Ubuntu, Debian, Red Hat, and macOS.
To fix CVE-2018-6797, update Perl to version 5.22.1-9ubuntu0.3 for Ubuntu, 5.26.0-8ubuntu1.1 for Ubuntu Artful, or the respective fixed versions for other operating systems.