CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-6913
https://notcve.org/view.php?id=CVE-2018-6913
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. Desbordamiento de búfer basado en memoria dinámica (heap) en la función pack de Perl, en versiones anteriores a la 5.26.2, permite que atacantes dependientes del contexto ejecuten código arbitrario mediante un conteo de items largo. • http://www.securityfocus.com/bid/103953 http://www.securitytracker.com/id/1040681 https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html https://rt.perl.org/Public/Bug/Display.html?id=131844 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://usn.ubuntu.com/3625-2 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-6797 – perl: heap write overflow in regcomp.c
https://notcve.org/view.php?id=CVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. Se ha descubierto un problema en Perl 5.26. Una expresión regular manipulada puede provocar un desbordamiento de búfer basado en memoria dinámica (heap), con control sobre los bytes que se escriben. A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. • http://www.securitytracker.com/id/1040681 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:1192 https://rt.perl.org/Public/Bug/Display.html?id=132227 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-6797 https://bugzilla.redhat.com/show_bug.cgi?id=1547783 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-6798 – perl: heap read overflow in regexec.c
https://notcve.org/view.php?id=CVE-2018-6798
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. Se ha descubierto un problema en Perl, de la versión 5.22 a la 5.26. Si se hace que coincida una expresión regular dependiente de una locale manipulada, se puede provocar una sobrelectura de búfer basada en memoria dinámica (heap) y una potencial divulgación de información. A heap buffer over read flaw was found in the way Perl regular expression engine handled inputs with invalid UTF-8 characters. • http://www.securitytracker.com/id/1040681 https://access.redhat.com/errata/RHSA-2018:1192 https://rt.perl.org/Public/Bug/Display.html?id=132063 https://security.gentoo.org/glsa/201909-01 https://usn.ubuntu.com/3625-1 https://www.debian.org/security/2018/dsa-4172 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com/security/cve/CVE-2018-6798 https://bugzilla.redhat.com/show_bug.cgi?id=1547779 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-12814
https://notcve.org/view.php?id=CVE-2017-12814
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. Un desbordamiento de búfer basado en pila en el método CPerlHost::Add en win32/perlhost.h en Perl en versiones anteriores a la 5.24.3-RC1 y las versiones 5.26.x anteriores a 5.26.1-RC1 en Windows permite que los atacantes ejecuten código arbitrario mediante una variable de entorno larga. • http://www.securityfocus.com/bid/101051 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 https://rt.perl.org/Public/Bug/Display.html?id=131665 https://security.netapp.com/advisory/ntap-20180426-0001 https://www.oracle.com/security-alerts/cpujul2020.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 3%CPEs: 2EXPL: 0CVE-2017-12883
https://notcve.org/view.php?id=CVE-2017-12883
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. Un Desbordamiento de búfer en la función S_grok_bslash_N en el archivo regcomp.c en Perl versión 5 anterior a 5.24.3-RC1 y versión 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos divulgar información confidencial o causar una denegación de servicio (bloqueo de aplicación) por medio de una expresión creada con un escape '\N{U+...}' inválido. • http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch http://www.debian.org/security/2017/dsa-3982 http://www.securityfocus.com/bid/100852 https://bugzilla.redhat.com/show_bug.cgi?id=1492093 https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 https://rt.pe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •