PublicDateAtUSN: 2018-04-14
Candidate: CVE-2018-6797
PublicDate: 2018-04-17 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6797
 https://ubuntu.com/security/notices/USN-3625-1
Description:
 An issue was discovered in Perl 5.18 through 5.26. A crafted regular
 expression can cause a heap-based buffer overflow, with control over the
 bytes written.
Ubuntu-Description:
Notes:
 ratliff> Fix developed by Yves Orton and Karl Williamson
 mdeslaur> code is different in trusty, backport difficult and prone to
 mdeslaur> introducing regressions. Marking as ignored.
Bugs:
 https://rt.perl.org/Public/Bug/Display.html?id=132227
Priority: medium
Discovered-by: Brian Carpenter
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_perl:
 upstream: https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2 (5.24)
 upstream: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 (5.26)
upstream_perl: needs-triage
precise/esm_perl: not-affected
trusty_perl: ignored
trusty/esm_perl: ignored
xenial_perl: released (5.22.1-9ubuntu0.3)
esm-infra/xenial_perl: released (5.22.1-9ubuntu0.3)
artful_perl: released (5.26.0-8ubuntu1.1)
devel_perl: not-affected (5.26.1-6)