ID

VAR-201812-0271


CVE

CVE-2018-18311


TITLE

Perl Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012765

DESCRIPTION

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer:

1. An integer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability

Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition.

The following packages have been upgraded to a later upstream version: rh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130).

=====================================================================
Red Hat Security Advisory

Synopsis: Important: perl security update
Advisory ID: RHSA-2019:0109-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0109
Issue date: 2019-01-21
CVE Names: CVE-2018-18311
=====================================================================

1. Summary:

An update for perl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Package List:

Source: perl-5.16.3-294.el7_6.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-18311
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

=====================================================================
Gentoo Linux Security Advisory GLSA 201909-01

https://security.gentoo.org/

Severity: Normal
Title: Perl: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #653432, #670190
ID: 201909-01
=====================================================================

Synopsis
========

Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/perl               < 5.28.2                    >= 5.28.2

Description
===========

Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Perl users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.28.2"

References
==========

[ 1 ] CVE-2018-18311 https://nvd.nist.gov/vuln/detail/CVE-2018-18311
[ 2 ] CVE-2018-18312 https://nvd.nist.gov/vuln/detail/CVE-2018-18312
[ 3 ] CVE-2018-18313 https://nvd.nist.gov/vuln/detail/CVE-2018-18313
[ 4 ] CVE-2018-18314 https://nvd.nist.gov/vuln/detail/CVE-2018-18314
[ 5 ] CVE-2018-6797 https://nvd.nist.gov/vuln/detail/CVE-2018-6797
[ 6 ] CVE-2018-6798 https://nvd.nist.gov/vuln/detail/CVE-2018-6798
[ 7 ] CVE-2018-6913 https://nvd.nist.gov/vuln/detail/CVE-2018-6913

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201909-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-3834-2
December 03, 2018

perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Perl.

Software Description:
- perl: Practical Extraction and Report Language

Details:

USN-3834-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)

Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM:
  perl 5.14.2-6ubuntu2.9

In general, a standard system update will make all the necessary changes.

Trust: 2.61

sources: NVD: CVE-2018-18311 // JVNDB: JVNDB-2018-012765 // BID: 106145 // VULHUB: VHN-128858 // PACKETSTORM: 153965 // PACKETSTORM: 153814 // PACKETSTORM: 151000 // PACKETSTORM: 151248 // PACKETSTORM: 154385 // PACKETSTORM: 153652 // PACKETSTORM: 150565

AFFECTED PRODUCTS

vendor: canonical, model: ubuntu linux, scope: eq, version: 12.04

Trust: 1.0

vendor: redhat, model: enterprise linux eus, scope: eq, version: 7.6

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 6.0

Trust: 1.0

vendor: perl, model: perl, scope: gte, version: 5.28.0

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 7.4

Trust: 1.0

vendor: redhat, model: enterprise linux server tus, scope: eq, version: 7.6

Trust: 1.0

vendor: perl, model: perl, scope: lt, version: 5.28.1

Trust: 1.0

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 7.0

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 7.6

Trust: 1.0

vendor: redhat, model: enterprise linux server, scope: eq, version: 7.0

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.14.4

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 7.0

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 7.5

Trust: 1.0

vendor: netapp, model: e-series santricity os controller, scope: eq, version: -

Trust: 1.0

vendor: mcafee, model: web gateway, scope: lt, version: 8.1.1

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: netapp, model: snap creator framework, scope: eq, version: -

Trust: 1.0

vendor: mcafee, model: web gateway, scope: lt, version: 7.8.2.8

Trust: 1.0

vendor: redhat, model: enterprise linux server aus, scope: eq, version: 7.6

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 14.04

Trust: 1.0

vendor: perl, model: perl, scope: lt, version: 5.26.3

Trust: 1.0

vendor: netapp, model: snapcenter, scope: eq, version: -

Trust: 1.0

vendor: redhat, model: openshift container platform, scope: eq, version: 3.11

Trust: 1.0

vendor: mcafee, model: web gateway, scope: lt, version: 7.7.2.21

Trust: 1.0

vendor: mcafee, model: web gateway, scope: gte, version: 7.8.2

Trust: 1.0

vendor: netapp, model: snapdriver, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.10

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 7.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 29

Trust: 1.0

vendor: mcafee, model: web gateway, scope: gte, version: 8.0.0

Trust: 1.0

vendor: mcafee, model: web gateway, scope: gte, version: 7.7.2

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: the perl, model: perl, scope: lt, version: 5.28.x

Trust: 0.8

vendor: canonical, model: ubuntu, scope: -, version: -

Trust: 0.8

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: the perl, model: perl, scope: eq, version: 5.28.1

Trust: 0.8

vendor: redhat, model: software collections for rhel, scope: eq, version: 0

Trust: 0.3

vendor: redhat, model: enterprise linux, scope: eq, version: 7

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.28

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.26.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.26

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.24.3

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.22.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.20.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.20.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.18.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.16

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.14

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.12.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.12

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.11

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.10

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.9.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.10

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.9

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.8

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.7

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.6

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.5

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.4

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.3

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.8.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.24

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.22

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.20

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.18

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.17.7

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.16.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.16.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.14.3

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.14.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.14.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.9

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.8

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.7

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.6

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.5

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.4

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.3

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.11

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.10

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.13.0

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.12.3

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.12.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.11.5

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.11.4

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.11.3

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.11.2

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.11.1

Trust: 0.3

vendor: perl, model: perl, scope: eq, version: 5.10.1

Trust: 0.3

vendor: perl, model: perl, scope: ne, version: 5.28.1

Trust: 0.3

vendor: perl, model: perl, scope: ne, version: 5.26.3

Trust: 0.3

sources: BID: 106145 // JVNDB: JVNDB-2018-012765 // NVD: CVE-2018-18311

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-18311
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-18311
value: CRITICAL

Trust: 0.8

VULHUB: VHN-128858
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-18311
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-128858
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-18311
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128858 // JVNDB: JVNDB-2018-012765 // NVD: CVE-2018-18311

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-128858 // JVNDB: JVNDB-2018-012765 // NVD: CVE-2018-18311

THREAT TYPE

network

Trust: 0.3

sources: BID: 106145

TYPE

overflow

Trust: 0.5

sources: PACKETSTORM: 153965 // PACKETSTORM: 153814 // PACKETSTORM: 151000 // PACKETSTORM: 151248 // PACKETSTORM: 153652

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012765

PATCH

title: DSA-4347
url: https://www.debian.org/security/2018/dsa-4347

Trust: 0.8

title: Perl_my_setenv(); handle integer wrap
url: https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be

Trust: 0.8

title: [SECURITY] Fedora 29 Update: perl-5.28.1-425.fc29
url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/

Trust: 0.8

title: USN-3834-1
url: https://usn.ubuntu.com/3834-1/

Trust: 0.8

title: USN-3834-2
url: https://usn.ubuntu.com/3834-2/

Trust: 0.8

sources: JVNDB: JVNDB-2018-012765

EXTERNAL IDS

db: NVD, id: CVE-2018-18311

Trust: 2.9

db: BID, id: 106145

Trust: 1.4

db: SECTRACK, id: 1042181

Trust: 1.1

db: MCAFEE, id: SB10278

Trust: 1.1

db: JVNDB, id: JVNDB-2018-012765

Trust: 0.8

db: PACKETSTORM, id: 153965

Trust: 0.2

db: PACKETSTORM, id: 151248

Trust: 0.2

db: PACKETSTORM, id: 150565

Trust: 0.2

db: PACKETSTORM, id: 153652

Trust: 0.2

db: PACKETSTORM, id: 151000

Trust: 0.2

db: PACKETSTORM, id: 153814

Trust: 0.2

db: PACKETSTORM, id: 154385

Trust: 0.2

db: PACKETSTORM, id: 151001

Trust: 0.1

db: PACKETSTORM, id: 150564

Trust: 0.1

db: PACKETSTORM, id: 150523

Trust: 0.1

db: VULHUB, id: VHN-128858

Trust: 0.1

sources: VULHUB: VHN-128858 // BID: 106145 // JVNDB: JVNDB-2018-012765 // PACKETSTORM: 153965 // PACKETSTORM: 153814 // PACKETSTORM: 151000 // PACKETSTORM: 151248 // PACKETSTORM: 154385 // PACKETSTORM: 153652 // PACKETSTORM: 150565 // NVD: CVE-2018-18311

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1646730

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-18311

Trust: 1.5

url:https://github.com/perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be

Trust: 1.4

url:https://security.gentoo.org/glsa/201909-01

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:0001

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:0109

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:1790

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:1942

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:2400

Trust: 1.2

url:http://www.securityfocus.com/bid/106145

Trust: 1.1

url:https://seclists.org/bugtraq/2019/mar/42

Trust: 1.1

url:https://metacpan.org/changes/release/shay/perl-5.26.3

Trust: 1.1

url:https://metacpan.org/changes/release/shay/perl-5.28.1

Trust: 1.1

url:https://rt.perl.org/ticket/display.html?id=133204

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20190221-0003/

Trust: 1.1

url:https://support.apple.com/kb/ht209600

Trust: 1.1

url:https://www.debian.org/security/2018/dsa-4347

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/mar/49

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html

Trust: 1.1

url:https://access.redhat.com/errata/rhba-2019:0327

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2019:0010

Trust: 1.1

url:http://www.securitytracker.com/id/1042181

Trust: 1.1

url:https://usn.ubuntu.com/3834-1/

Trust: 1.1

url:https://usn.ubuntu.com/3834-2/

Trust: 1.1

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10278

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2018-18311

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18311

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-18314

Trust: 0.4

url:https://bugzilla.redhat.com/show_bug.cgi?id=1646751

Trust: 0.3

url:https://github.com/perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f

Trust: 0.3

url:www.perl.org

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-18313

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-18312

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-18314

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10278

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18312

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6913

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6797

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6798

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3834-2

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3834-1

Trust: 0.1

sources: VULHUB: VHN-128858 // BID: 106145 // JVNDB: JVNDB-2018-012765 // PACKETSTORM: 153965 // PACKETSTORM: 153814 // PACKETSTORM: 151000 // PACKETSTORM: 151248 // PACKETSTORM: 154385 // PACKETSTORM: 153652 // PACKETSTORM: 150565 // NVD: CVE-2018-18311

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 153965 // PACKETSTORM: 153814 // PACKETSTORM: 151000 // PACKETSTORM: 151248 // PACKETSTORM: 153652

SOURCES

db: VULHUB, id: VHN-128858
db: BID, id: 106145
db: JVNDB, id: JVNDB-2018-012765
db: PACKETSTORM, id: 153965
db: PACKETSTORM, id: 153814
db: PACKETSTORM, id: 151000
db: PACKETSTORM, id: 151248
db: PACKETSTORM, id: 154385
db: PACKETSTORM, id: 153652
db: PACKETSTORM, id: 150565
db: NVD, id: CVE-2018-18311

LAST UPDATE DATE

2025-04-23T21:10:21.581000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-128858, date: 2020-08-24T00:00:00
db: BID, id: 106145, date: 2018-11-29T00:00:00
db: JVNDB, id: JVNDB-2018-012765, date: 2019-02-07T00:00:00
db: NVD, id: CVE-2018-18311, date: 2024-11-21T03:55:40.773

SOURCES RELEASE DATE

db: VULHUB, id: VHN-128858, date: 2018-12-07T00:00:00
db: BID, id: 106145, date: 2018-11-29T00:00:00
db: JVNDB, id: JVNDB-2018-012765, date: 2019-02-07T00:00:00
db: PACKETSTORM, id: 153965, date: 2019-08-07T20:08:30
db: PACKETSTORM, id: 153814, date: 2019-07-30T18:17:37
db: PACKETSTORM, id: 151000, date: 2019-01-03T02:57:21
db: PACKETSTORM, id: 151248, date: 2019-01-22T16:02:14
db: PACKETSTORM, id: 154385, date: 2019-09-06T22:21:33
db: PACKETSTORM, id: 153652, date: 2019-07-16T20:10:26
db: PACKETSTORM, id: 150565, date: 2018-12-03T21:10:24
db: NVD, id: CVE-2018-18311, date: 2018-12-07T21:29:00.407