Heap-based buffer over-read in Perl - CVE-2018-6798
Published: April 16, 2018 / Updated: April 16, 2018
Vulnerability identifier: #VU11834
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6798
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Perl
Affected software:
Perl
Perl
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-6798
Update to version 5.26.2.