#VU11833 Heap-based buffer overflow in Perl - CVE-2018-6797
Published: April 16, 2018 / Updated: April 16, 2018
Vulnerability identifier: #VU11833
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6797
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Perl
Perl
Software vendor:
Perl
Perl
Description
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in S_regatom() in 'regcomp.c' due to heap-based buffer overflow. A local attacker can exploit a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in S_regatom() in 'regcomp.c' due to heap-based buffer overflow. A local attacker can exploit a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 5.26.2.