SB2024052255 - SUSE update for perl
Published: May 22, 2024
Security Bulletin ID
SB2024052255
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Heap-based buffer over-read (CVE-ID: CVE-2018-6798)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
2) Heap-based buffer overflow (CVE-ID: CVE-2018-6913)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A local attacker can exploit a specially crafted pack() function, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.