{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1042004", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1042004"}, {"name": "RHSA-2018:1192", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1192"}, {"name": "1040681", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040681"}, {"name": "USN-3625-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3625-1/"}, {"name": "DSA-4172", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4172"}, {"name": "GLSA-201909-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201909-01"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6797", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1042004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042004"}, {"name": "RHSA-2018:1192", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1192"}, {"name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681"}, {"name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/"}, {"name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172"}, {"name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://rt.perl.org/Public/Bug/Display.html?id=132227", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:10:11.385Z"}, "title": "CVE Program Container", "references": [{"name": "1042004", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1042004"}, {"name": "RHSA-2018:1192", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1192"}, {"name": "1040681", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040681"}, {"name": "USN-3625-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3625-1/"}, {"name": "DSA-4172", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4172"}, {"name": "GLSA-201909-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201909-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6797", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-08-05T06:10:11.385Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC823E6-D243-4B29-99D9-5301FA579891", "versionEndIncluding": "5.26", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB520389-84EE-477C-A9C8-74721592A320", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "24D3235A-DB42-4868-90D9-712C3B3693AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written."}, {"lang": "es", "value": "Se ha descubierto un problema en Perl 5.26. Una expresi\u00f3n regular manipulada puede provocar un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), con control sobre los bytes que se escriben."}], "id": "CVE-2018-6797", "lastModified": "2024-11-21T04:11:13.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-17T20:29:00.520", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040681"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1042004"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1192"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3625-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4172"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1042004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3625-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Perl 5 Porters for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.", "affected_release": [{"advisory": "RHSA-2018:1192", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-perl524-perl-4:5.24.0-380.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-04-23T00:00:00Z"}, {"advisory": "RHSA-2018:1192", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-perl524-perl-4:5.24.0-380.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-04-23T00:00:00Z"}, {"advisory": "RHSA-2018:1192", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-380.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-04-23T00:00:00Z"}, {"advisory": "RHSA-2018:1192", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-380.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-04-23T00:00:00Z"}, {"advisory": "RHSA-2018:1192", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-perl524-perl-4:5.24.0-380.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-04-23T00:00:00Z"}], "bugzilla": {"description": "perl: heap write overflow in regcomp.c", "id": "1547783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547783"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.", "A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. An attacker, with the ability to provide a specially crafted regular expression, could crash the perl interpreter, or possibly execute arbitrary code."], "name": "CVE-2018-6797", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-perl520-perl", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-perl526-perl", "product_name": "Red Hat Software Collections"}], "public_date": "2018-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-6797\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6797\nhttps://rt.perl.org/Public/Bug/Display.html?id=132227"], "statement": "Versions of the perl interpreter older than 5.18 are not vulnerable. As a result, the versions of perl as shipped in Red Hat Enterprise Linux version 7, 6 and 5 are not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "perl 5.26.2, perl 5.24.4"}