#VU11835 Heap-based buffer overflow in Perl - CVE-2018-6913
Published: April 16, 2018 / Updated: April 16, 2018
Vulnerability identifier: #VU11835
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6913
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Perl
Perl
Software vendor:
Perl
Perl
Description
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A local attacker can exploit a specially crafted pack() function, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to heap-based buffer overflow. A local attacker can exploit a specially crafted pack() function, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 5.26.2.