Heap-based buffer overflow in Perl - CVE-2018-6797
Published: April 16, 2018 / Updated: April 16, 2018
Vulnerability identifier: #VU11833
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6797
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Perl
Affected software:
Perl
Perl
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in S_regatom() in 'regcomp.c' due to heap-based buffer overflow. A local attacker can exploit a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in S_regatom() in 'regcomp.c' due to heap-based buffer overflow. A local attacker can exploit a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-6797
Update to version 5.26.2.