Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
1. An integer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: | 106145 |
Class: | Boundary Condition Error |
CVE: | CVE-2018-18311 CVE-2018-18314 |
Remote: | Yes |
Local: | No |
Published: | Nov 29 2018 12:00AM |
Updated: | Nov 29 2018 12:00AM |
Credit: | The vendor reported these issues. |
Vulnerable: | Redhat Software Collections for RHEL 0 Redhat Enterprise Linux 7 Perl Perl 5.28 Perl Perl 5.26.2 Perl Perl 5.26 Perl Perl 5.24.3 Perl Perl 5.22.1 Perl Perl 5.20.2 Perl Perl 5.20.1 Perl Perl 5.18.2 Perl Perl 5.16 Perl Perl 5.14 Perl Perl 5.12.1 Perl Perl 5.12 Perl Perl 5.11 Perl Perl 5.10 Perl Perl 5.9.2 Perl Perl 5.8.10 Perl Perl 5.8.9 Perl Perl 5.8.8 Perl Perl 5.8.7 Perl Perl 5.8.6 Perl Perl 5.8.5 Perl Perl 5.8.4 Perl Perl 5.8.3 Perl Perl 5.8 Perl Perl 5.8.2 Perl Perl 5.8.1 Perl Perl 5.24 Perl Perl 5.22 Perl Perl 5.20 Perl Perl 5.18 Perl Perl 5.17.7 Perl Perl 5.16.2 Perl Perl 5.16.1 Perl Perl 5.14.3 Perl Perl 5.14.2 Perl Perl 5.14.1 Perl Perl 5.13.9 Perl Perl 5.13.8 Perl Perl 5.13.7 Perl Perl 5.13.6 Perl Perl 5.13.5 Perl Perl 5.13.4 Perl Perl 5.13.3 Perl Perl 5.13.2 Perl Perl 5.13.11 Perl Perl 5.13.10 Perl Perl 5.13.1 Perl Perl 5.13.0 Perl Perl 5.12.3 Perl Perl 5.12.2 Perl Perl 5.11.5 Perl Perl 5.11.4 Perl Perl 5.11.3 Perl Perl 5.11.2 Perl Perl 5.11.1 Perl Perl 5.10.1 |
Not Vulnerable: | Perl Perl 5.28.1 Perl Perl 5.26.3 |
References:
- Bug 1646730 (CVE-2018-18311) - CVE-2018-18311 perl: Integer overflow leading to (Red Hat Bugzilla)
- Bug 1646751 (CVE-2018-18314) - CVE-2018-18314 perl: Heap-based buffer overflow (Red Hat Bugzilla)
- CVE-2018-18311 (Red Hat Bugzilla)
- CVE-2018-18314 (Red Hat Bugzilla)
- fix #131649 - extended charclass can trigger assert (Perl)
- Perl Homepage (Perl)
- Perl_my_setenv(); handle integer wrap (Perl)
- Oracle Critical Patch Update Advisory - July 2019 (Oracle)
from SecurityFocus Vulnerabilities https://ift.tt/2Ls4csy
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.