{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-29T00:00:00", "descriptions": [{"lang": "en", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html"}, {"name": "DSA-4347", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4347"}, {"name": "106145", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106145"}, {"name": "1042181", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1042181"}, {"name": "RHSA-2019:0010", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0010"}, {"name": "USN-3834-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3834-2/"}, {"name": "FEDORA-2018-9dbe983805", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/"}, {"name": "RHSA-2019:0001", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0001"}, {"name": "RHSA-2019:0109", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0109"}, {"name": "USN-3834-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3834-1/"}, {"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Mar/42"}, {"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Mar/49"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"name": "RHSA-2019:1790", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1790"}, {"name": "RHSA-2019:1942", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1942"}, {"name": "RHSA-2019:2400", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2400"}, {"name": "GLSA-201909-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201909-01"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT209600"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://rt.perl.org/Ticket/Display.html?id=133204"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18311", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html"}, {"name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347"}, {"name": "106145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106145"}, {"name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181"}, {"name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010"}, {"name": "USN-3834-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-2/"}, {"name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/"}, {"name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001"}, {"name": "RHSA-2019:0109", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0109"}, {"name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/"}, {"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42"}, {"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49"}, {"name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"name": "RHSA-2019:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1790"}, {"name": "RHSA-2019:1942", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1942"}, {"name": "RHSA-2019:2400", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2400"}, {"name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"}, {"name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/"}, {"name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3"}, {"name": "https://metacpan.org/changes/release/SHAY/perl-5.28.1", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1"}, {"name": "https://rt.perl.org/Ticket/Display.html?id=133204", "refsource": "CONFIRM", "url": "https://rt.perl.org/Ticket/Display.html?id=133204"}, {"name": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:08:21.612Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html"}, {"name": "DSA-4347", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4347"}, {"name": "106145", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106145"}, {"name": "1042181", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1042181"}, {"name": "RHSA-2019:0010", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0010"}, {"name": "USN-3834-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3834-2/"}, {"name": "FEDORA-2018-9dbe983805", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/"}, {"name": "RHSA-2019:0001", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0001"}, {"name": "RHSA-2019:0109", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0109"}, {"name": "USN-3834-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3834-1/"}, {"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Mar/42"}, {"name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Mar/49"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"name": "RHSA-2019:1790", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1790"}, {"name": "RHSA-2019:1942", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1942"}, {"name": "RHSA-2019:2400", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2400"}, {"name": "GLSA-201909-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201909-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT209600"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://rt.perl.org/Ticket/Display.html?id=133204"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18311", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.612Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "054E1C6A-1EC3-4877-839C-1C28FCEC501A", "versionEndExcluding": "5.28.1", "versionStartIncluding": "5.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2EBD848-26BA-4EF6-81C8-83B6DFFC75DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapdriver:-:*:*:*:*:unix:*:*", "matchCriteriaId": "19F76A75-CFAE-4E1B-A845-E9E2E236C5DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F4117D-97ED-4DD8-843F-F4147342AAE0", "versionEndExcluding": "7.7.2.21", "versionStartIncluding": "7.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "70504EAB-FC1C-4E0B-859E-49BD13685E13", "versionEndExcluding": "7.8.2.8", "versionStartIncluding": "7.8.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D943214-14D8-47BC-BCF4-76B78EE95028", "versionEndExcluding": "8.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations."}, {"lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura."}], "id": "CVE-2018-18311", "lastModified": "2023-11-07T02:55:02.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-07T21:29:00.407", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Mar/49"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106145"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1042181"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0001"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0010"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0109"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1790"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1942"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2400"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://rt.perl.org/Ticket/Display.html?id=133204"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Mar/42"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209600"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3834-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3834-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4347"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.", "affected_release": [{"advisory": "RHSA-2019:0109", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "perl-4:5.16.3-294.el7_6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-01-21T00:00:00Z"}, {"advisory": "RHSA-2019:2400", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "perl-4:5.16.3-291.el7_3.1", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-08-07T00:00:00Z"}, {"advisory": "RHSA-2019:2400", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "perl-4:5.16.3-291.el7_3.1", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-08-07T00:00:00Z"}, {"advisory": "RHSA-2019:2400", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "perl-4:5.16.3-291.el7_3.1", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-08-07T00:00:00Z"}, {"advisory": "RHSA-2019:1942", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "perl-4:5.16.3-292.el7_4.1", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-07-30T00:00:00Z"}, {"advisory": "RHSA-2019:1790", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "perl-4:5.16.3-292.el7_5.1", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-07-16T00:00:00Z"}, {"advisory": "RHSA-2019:0010", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-perl524-perl-4:5.24.0-381.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-4:5.26.3-405.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0010", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-381.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-4:5.26.3-405.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0010", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-381.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-4:5.26.3-405.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0010", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-381.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-4:5.26.3-405.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0001", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-01-02T00:00:00Z"}, {"advisory": "RHSA-2019:0010", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-381.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-01-02T00:00:00Z"}], "bugzilla": {"description": "perl: Integer overflow leading to buffer overflow in Perl_my_setenv()", "id": "1646730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-120", "details": ["Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations."], "name": "CVE-2018-18311", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl:5.24/perl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "impact": "low", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "impact": "low", "package_name": "rhvm-appliance", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-11-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-18311\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18311"], "statement": "This vulnerability is present in versions of perl included with Red Hat Virtualization Hypervisor and Management Appliance, however it is not exposed in any meaningful way. Perl is only included in these images as a dependency of components which do not manipulate ENV, and are not exposed to user input. A future update may address this issue.", "threat_severity": "Important", "upstream_fix": "perl 5.29.1, perl 5.26.3"}