perl: Heap-based buffer overflow in S_regatom()

🗓️ 02 Jan 2019 16:14:38Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Perl before 5.26.3 has a buffer overflow in S_regatom() from crafted regex, causing invalid writes.

Reporter	Title	Published	Views	Family All 64
IBM Security Bulletins	Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311)	30 Jan 201911:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	30 Nov 202318:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).	29 Jan 202504:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl (CVE-2018-18314).	12 Jan 202321:59	–	ibm
AlpineLinux	CVE-2018-18314	7 Dec 201821:00	–	alpinelinux
BDU FSTEC	The vulnerability of the Perl programming language interpreter, related to errors in processing regular expressions, allows attackers to execute arbitrary code.	1 Mar 201900:00	–	bdu_fstec
Cloud Foundry	USN-3834-1: Perl vulnerabilities \| Cloud Foundry	27 Dec 201800:00	–	cloudfoundry
CNVD	Perl heap overflow vulnerability (CNVD-2019-09595)	3 Dec 201800:00	–	cnvd
CVE	CVE-2018-18314	7 Dec 201821:00	–	cve

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	x86_64	rh-perl524-perl	4:5.24.0-381.el6	rh-perl524-perl-4:5.24.0-381.el6.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	rh-perl524-perl	4:5.24.0-381.el7	rh-perl524-perl-4:5.24.0-381.el7.x86_64.rpm
Red Hat Enterprise Linux	6	any	rh-perl524-perl-attribute-handlers	0:0.99-381.el6.noarch	rh-perl524-perl-Attribute-Handlers-0:0.99-381.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	rh-perl524-perl-attribute-handlers	0:0.99-381.el7.noarch	rh-perl524-perl-Attribute-Handlers-0:0.99-381.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	rh-perl524-perl-devel-peek	0:1.23-381.el6	rh-perl524-perl-Devel-Peek-0:1.23-381.el6.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	rh-perl524-perl-devel-peek	0:1.23-381.el7	rh-perl524-perl-Devel-Peek-0:1.23-381.el7.x86_64.rpm
Red Hat Enterprise Linux	6	any	rh-perl524-perl-devel-selfstubber	0:1.05-381.el6.noarch	rh-perl524-perl-Devel-SelfStubber-0:1.05-381.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	rh-perl524-perl-devel-selfstubber	0:1.05-381.el7.noarch	rh-perl524-perl-Devel-SelfStubber-0:1.05-381.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	6	x86_64	rh-perl524-perl-errno	0:1.25-381.el6	rh-perl524-perl-Errno-0:1.25-381.el6.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	rh-perl524-perl-errno	0:1.25-381.el7	rh-perl524-perl-Errno-0:1.25-381.el7.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2018-18314
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-18314
cve	www.cve.org/CVERecord

21 Apr 2026 13:30Current

7.6High risk

Vulners AI Score7.6

CVSS 27.5

CVSS 39.8

EPSS0.0606

perl buffer overflow regular expression unix