Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3625-1
HistoryApr 16, 2018 - 12:00 a.m.

Perl vulnerabilities

2018-04-1600:00:00
ubuntu.com
40

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

Releases

  • Ubuntu 17.10
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • perl - Practical Extraction and Report Language

Details

It was discovered that Perl incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause Perl to
hang, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS. (CVE-2015-8853)

It was discovered that Perl incorrectly loaded libraries from the current
working directory. A local attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-6185)

It was discovered that Perl incorrectly handled the rmtree and remove_tree
functions. A local attacker could possibly use this issue to set the mode
on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-6512)

Brian Carpenter discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 17.10.
(CVE-2018-6797)

Nguyen Duc Manh discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 17.10. (CVE-2018-6798)

GwanYeong Kim discovered that Perl incorrectly handled certain data when
using the pack function. An attacker could use this issue to cause Perl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-6913)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchperl< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu17.10noarchlibperl-dev< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu17.10noarchlibperl5.26< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu17.10noarchperl-base< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu17.10noarchperl-debug< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu17.10noarchperl-doc< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu17.10noarchperl-modules-5.26< 5.26.0-8ubuntu1.1UNKNOWN
Ubuntu16.04noarchperl< 5.22.1-9ubuntu0.3UNKNOWN
Ubuntu16.04noarchlibperl-dev< 5.22.1-9ubuntu0.3UNKNOWN
Ubuntu16.04noarchlibperl5.22< 5.22.1-9ubuntu0.3UNKNOWN
Rows per page:
1-10 of 191

Related

openvas 56
nessus 53
cloudfoundry 1
ubuntu 1
fedora 13
debian 9
mageia 4
freebsd 2
hackerone 3
redhat 1
photon 3
gentoo 3
debiancve 6
cve 6
prion 6
ubuntucve 6
redhatcve 5
osv 9
ibm 4
alpinelinux 3
veracode 3
suse 1
rosalinux 1
openvas
openvas
Ubuntu: Security Advisory (USN-3625-1)
2018-04-17 00:00:00
Ubuntu: Security Advisory (USN-3625-2)
2022-08-26 00:00:00
Fedora Update for perl FEDORA-2018-1c8b49fbc7
2018-04-21 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Perl vulnerabilities (USN-3625-1)
2018-04-17 00:00:00
SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2018:1074-1)
2018-04-26 00:00:00
Debian DSA-4172-1 : perl - security update
2018-04-16 00:00:00
cloudfoundry
cloudfoundry
USN-3625-1: Perl vulnerabilities | Cloud Foundry
2018-05-09 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2018-04-17 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: perl-5.26.2-410.fc28
2018-05-09 21:27:39
[SECURITY] Fedora 26 Update: perl-Module-CoreList-5.20180414-1.fc26
2018-04-25 18:16:57
[SECURITY] Fedora 27 Update: perl-Module-CoreList-5.20180414-1.fc27
2018-04-21 03:41:26
debian
debian
[SECURITY] [DSA 4172-1] perl security update
2018-04-14 15:59:25
[SECURITY] [DSA 4172-1] perl security update
2018-04-14 15:59:25
[SECURITY] [DLA 1345-1] perl security update
2018-04-14 23:14:05
mageia
mageia
Updated perl packages fix security vulnerabilities
2018-05-16 11:24:56
Updated perl packages fix security vulnerability
2016-05-20 14:38:30
Updated perl-XSLoader packages fix security vulnerability
2016-09-16 12:27:13
freebsd
freebsd
perl -- multiple vulnerabilities
2018-04-14 00:00:00
p5-XSLoader -- local arbitrary code execution
2016-06-30 00:00:00
hackerone
hackerone
Internet Bug Bounty: Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak
2019-01-16 08:31:57
Internet Bug Bounty: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
2018-05-20 14:35:28
Internet Bug Bounty: CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written
2018-04-14 17:22:34
redhat
redhat
(RHSA-2018:1192) Moderate: rh-perl524-perl security update
2018-04-23 06:26:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0050
2018-05-29 00:00:00
Critical Photon OS Security Update - PHSA-2018-0050
2018-05-29 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0167
2018-07-27 00:00:00
gentoo
gentoo
Perl: Multiple vulnerabilities
2019-09-06 00:00:00
Perl: Multiple vulnerabilities
2017-01-29 00:00:00
Perl: Race condition vulnerability
2017-09-17 00:00:00
debiancve
debiancve
CVE-2015-8853
2016-05-25 15:59:00
CVE-2016-6185
2016-08-02 14:59:00
CVE-2018-6913
2018-04-17 20:29:00
cve
cve
CVE-2015-8853
2016-05-25 15:59:00
CVE-2018-6913
2018-04-17 20:29:00
CVE-2016-6185
2016-08-02 14:59:00
prion
prion
Code injection
2016-05-25 15:59:00
Directory traversal
2016-08-02 14:59:00
Heap overflow
2018-04-17 20:29:00
ubuntucve
ubuntucve
CVE-2015-8853
2016-05-25 00:00:00
CVE-2016-6185
2016-08-02 00:00:00
CVE-2018-6913
2018-04-14 00:00:00
redhatcve
redhatcve
CVE-2018-6913
2020-01-28 04:15:07
CVE-2016-6185
2016-07-11 08:48:13
CVE-2017-6512
2017-06-01 12:19:09
osv
osv
perl - security update
2018-04-15 00:00:00
perl - security update
2018-04-14 00:00:00
CVE-2018-6913
2018-04-17 20:29:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl (CVE-2018-6913).
2023-01-12 21:59:00
Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearQuest (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381)
2020-02-04 16:40:40
Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearCase (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381)
2018-07-10 08:34:12
alpinelinux
alpinelinux
CVE-2018-6913
2018-04-17 20:29:00
CVE-2018-6797
2018-04-17 20:29:00
CVE-2018-6798
2018-04-17 20:29:00
veracode
veracode
Insecure Configuration
2020-12-06 04:04:38
Denial Of Service (DoS)
2019-01-15 09:22:08
Information Disclosure
2019-05-16 02:54:17
suse
suse
Security update for perl (moderate)
2022-09-14 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON
Related for USN-3625-1
openvas56nessus53cloudfoundry1ubuntu1fedora13debian9mageia4freebsd2hackerone3redhat1photon3gentoo3debiancve6cve6prion6ubuntucve6redhatcve5osv9ibm4alpinelinux3veracode3suse1rosalinux1