CVE-2018-6798

HIGH

Debian Linux < 5.26 - Out-of-Bounds Read

Title source: rule

Description

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

References (7)

Core 7

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1192

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040681

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3625-1/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4172

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201909-01

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Vendor Advisory x_refsource_confirm

https://rt.perl.org/Public/Bug/Display.html?id=132063

Scores

CVSS v3 7.5

EPSS 0.0160

EPSS Percentile 81.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (14)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

perl/perl 5.22 - 5.26

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server 7.3

... and 4 more

Published Apr 17, 2018

Tracked Since Feb 18, 2026