#VU11834 Heap-based buffer over-read in Perl - CVE-2018-6798
Published: April 16, 2018 / Updated: April 16, 2018
Vulnerability identifier: #VU11834
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6798
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Perl
Perl
Software vendor:
Perl
Perl
Description
The vulnerability allows a local attacker to obtain potentially sensitive information or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 5.26.2.