Lucene search

[email protected]NVD:CVE-2018-18311

HistoryDec 07, 2018 - 9:29 p.m.

CVE-2018-18311

2018-12-0721:29:00

CWE-787

CWE-190

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Affected configurations

NVD

Node

perlperlRange<5.26.3

perlperlRange5.28.0–5.28.1

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

netappe-series_santricity_os_controllerMatch-

netappsnap_creator_frameworkMatch-

netappsnapcenterMatch-

netappsnapdriverMatch-unix

Node

redhatopenshift_container_platformMatch3.11

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch7.4

redhatenterprise_linuxMatch7.5

redhatenterprise_linuxMatch7.6

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch7.0

Node

applemac_os_xRange<10.14.4

Node

fedoraprojectfedoraMatch29

Node

mcafeeweb_gatewayRange7.7.2–7.7.2.21

mcafeeweb_gatewayRange7.8.2–7.8.2.8

mcafeeweb_gatewayRange8.0.0–8.1.1

References

seclists.org/fulldisclosure/2019/Mar/49

www.securityfocus.com/bid/106145

www.securitytracker.com/id/1042181

access.redhat.com/errata/RHBA-2019:0327

access.redhat.com/errata/RHSA-2019:0001

access.redhat.com/errata/RHSA-2019:0010

access.redhat.com/errata/RHSA-2019:0109

access.redhat.com/errata/RHSA-2019:1790

access.redhat.com/errata/RHSA-2019:1942

access.redhat.com/errata/RHSA-2019:2400

bugzilla.redhat.com/show_bug.cgi?id=1646730

github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be

kc.mcafee.com/corporate/index?page=content&id=SB10278

lists.debian.org/debian-lts-announce/2018/11/msg00039.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/

metacpan.org/changes/release/SHAY/perl-5.26.3

metacpan.org/changes/release/SHAY/perl-5.28.1

rt.perl.org/Ticket/Display.html?id=133204

seclists.org/bugtraq/2019/Mar/42

security.gentoo.org/glsa/201909-01

security.netapp.com/advisory/ntap-20190221-0003/

support.apple.com/kb/HT209600

usn.ubuntu.com/3834-1/

usn.ubuntu.com/3834-2/

www.debian.org/security/2018/dsa-4347

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for NVD:CVE-2018-18311