PublicDateAtUSN: 2018-04-14
Candidate: CVE-2018-6913
PublicDate: 2018-04-17 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913
 https://ubuntu.com/security/notices/USN-3625-1
 https://ubuntu.com/security/notices/USN-3625-2
Description:
 Heap-based buffer overflow in the pack function in Perl before 5.26.2
 allows context-dependent attackers to execute arbitrary code via a large
 item count.
Ubuntu-Description:
Notes:
 ratliff> Fix developed by Tony Cook
Bugs:
 https://rt.perl.org/Public/Bug/Display.html?id=131844
Priority: medium
Discovered-by: GwanYeong Kim
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_perl:
 upstream: https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527 (5.24)
 upstream: https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d (5.26)
upstream_perl: needs-triage
precise/esm_perl: released (5.14.2-6ubuntu2.7)
trusty_perl: released (5.18.2-2ubuntu1.4)
trusty/esm_perl: released (5.18.2-2ubuntu1.4)
xenial_perl: released (5.22.1-9ubuntu0.3)
esm-infra/xenial_perl: released (5.22.1-9ubuntu0.3)
artful_perl: released (5.26.0-8ubuntu1.1)
devel_perl: not-affected (5.26.1-6)