CVE-2018-6798
First published: Wed Feb 21 2018(Updated: )
A flaw was found in Perl 5. A heap read overflow in regexec.c file may allow an attacker to cause a segmentation fault which might lead to a Denial of Service (DoS) or, possibly, heap memory disclosure. Matching a crafted locale dependent regular expression can cause a heap buffer read overflow and potentially information disclosure while reporting an error message. That error message includes bytes beyond the end of the string, and possibly beyond the end of the buffer, providing a potential information disclosure if the memory had contained any sensitive information.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Perl Perl | >=5.22<=5.26 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server | =7.3 | |
| Redhat Enterprise Linux Server | =7.4 | |
| Redhat Enterprise Linux Server | =7.5 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| redhat/perl | <5.26.2 | 5.26.2 |
| redhat/perl | <5.24.4 | 5.24.4 |
| debian/perl | 5.32.1-4+deb11u3 5.32.1-4+deb11u1 5.36.0-7+deb12u1 5.38.2-5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id/1040681
- https://access.redhat.com/errata/RHSA-2018:1192
- https://rt.perl.org/Public/Bug/Display.html?id=132063
- https://security.gentoo.org/glsa/201909-01
- https://usn.ubuntu.com/3625-1/
- https://www.debian.org/security/2018/dsa-4172
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://launchpad.net/bugs/cve/CVE-2018-6798
- https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
- https://perl5.git.perl.org/perl.git/commitdiff/fa889a389ebb8e63782a3697775aa42c63a8f0cd
- https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
- https://perl5.git.perl.org/perl.git/commitdiff/ae187cb6c87b079045274f298fdcf426e4a6404b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1567777
- https://bugzilla.redhat.com/show_bug.cgi?id=1547779
- https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
- https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
- https://security-tracker.debian.org/tracker/CVE-2018-6798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6798
- https://nvd.nist.gov/vuln/detail/CVE-2018-6798
- https://ubuntu.com/security/CVE-2018-6798
Frequently Asked Questions
What is CVE-2018-6798?
CVE-2018-6798 is a vulnerability in Perl versions 5.22 through 5.26 that can cause a heap-based buffer over-read and potentially information disclosure.
How severe is CVE-2018-6798?
CVE-2018-6798 has a severity rating of 7.5 (high).
Which software versions are affected by CVE-2018-6798?
Perl versions 5.22 through 5.26 are affected by CVE-2018-6798.
What is the remedy for CVE-2018-6798 in Ubuntu?
For Ubuntu, the remedy for CVE-2018-6798 is to update the 'perl' package to version 5.22.1-9ubuntu0.3 or 5.26.0-8ubuntu1.1 depending on the Ubuntu version.
Where can I find more information about CVE-2018-6798?
More information about CVE-2018-6798 can be found at the following references: [CVE-2018-6798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6798), [Ubuntu Security Notice USN-3625-1](https://ubuntu.com/security/notices/USN-3625-1), [NVD CVE-2018-6798](https://nvd.nist.gov/vuln/detail/CVE-2018-6798).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-6798
- agent/description
- agent/severity
- agent/remedy
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/perl
- canonical/perl perl
- version/perl perl/5.22
- version/perl perl/5.26
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- vendor/redhat
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- version/redhat enterprise linux server/7.3
- version/redhat enterprise linux server/7.4
- version/redhat enterprise linux server/7.5
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- package-manager/redhat
- package-manager/debian