ID

VAR-201812-0273


CVE

CVE-2018-18313


TITLE

Perl vulnerable to out-of-bounds read

Trust: 0.8

sources: JVNDB: JVNDB-2018-012766

DESCRIPTION

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl contains an out-of-bounds vulnerability. Information may be obtained and service operation may be interrupted (DoS).

Perl is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. Perl versions 5.22 through 5.26 are vulnerable.

Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall.

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-perl524-perl security update
Advisory ID: RHSA-2019:0010-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0010
Issue date: 2019-01-02
CVE Names: CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314
====================================================================

1. Summary:

An update for rh-perl524-perl is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)
* perl: Heap-based buffer overflow in S_handle_regex_sets() (CVE-2018-18312)
* perl: Heap-based buffer overflow in S_regatom() (CVE-2018-18314)
* perl: Heap-based buffer read overflow in S_grok_bslash_N() (CVE-2018-18313)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Perl project for reporting these issues. Upstream acknowledges Jayakrishna Menon as the original reporter of CVE-2018-18311; Eiichi Tsukata as the original reporter of CVE-2018-18312 and CVE-2018-18313; and Jakub Wilk as the original reporter of CVE-2018-18314.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
1646734 - CVE-2018-18312 perl: Heap-based buffer overflow in S_handle_regex_sets()
1646738 - CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N()
1646751 - CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-perl524-perl-5.24.0-381.el6.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-perl524-perl-5.24.0-381.el6.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-18311
https://access.redhat.com/security/cve/CVE-2018-18312
https://access.redhat.com/security/cve/CVE-2018-18313
https://access.redhat.com/security/cve/CVE-2018-18314
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

The following packages have been upgraded to a later upstream version: rh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130).

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2018-18311
Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input.

CVE-2018-18312
Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution.

For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5.

We recommend that you upgrade your perl packages.

For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201909-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Perl: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #653432, #670190
ID: 201909-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code.

Affected packages
=================

-------------------------------------------------------------------
   Package         /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
1  dev-lang/perl       < 5.28.2         >= 5.28.2

Description
===========

Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Perl users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.28.2"

References
==========

[ 1 ] CVE-2018-18311 https://nvd.nist.gov/vuln/detail/CVE-2018-18311
[ 2 ] CVE-2018-18312 https://nvd.nist.gov/vuln/detail/CVE-2018-18312
[ 3 ] CVE-2018-18313 https://nvd.nist.gov/vuln/detail/CVE-2018-18313
[ 4 ] CVE-2018-18314 https://nvd.nist.gov/vuln/detail/CVE-2018-18314
[ 5 ] CVE-2018-6797 https://nvd.nist.gov/vuln/detail/CVE-2018-6797
[ 6 ] CVE-2018-6798 https://nvd.nist.gov/vuln/detail/CVE-2018-6798
[ 7 ] CVE-2018-6913 https://nvd.nist.gov/vuln/detail/CVE-2018-6913

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201909-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-3834-1
December 03, 2018

perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Perl.

Software Description:
- perl: Practical Extraction and Report Language

Details:

Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)

Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312)

Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313)

Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: perl 5.26.2-7ubuntu0.1
Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.3
Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.6
Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.7

In general, a standard system update will make all the necessary changes.

This update provides the corresponding update for Ubuntu 12.04 ESM

Trust: 2.61

sources: NVD: CVE-2018-18313 // JVNDB: JVNDB-2018-012766 // BID: 106072 // VULHUB: VHN-128860 // VULMON: CVE-2018-18313 // PACKETSTORM: 151001 // PACKETSTORM: 151000 // PACKETSTORM: 150523 // PACKETSTORM: 154385 // PACKETSTORM: 150564 // PACKETSTORM: 150565

AFFECTED PRODUCTS

vendor:netapp | model:e-series santricity os controller | scope:gte | version:11.0

Trust: 1.0

vendor:canonical | model:ubuntu linux | scope:eq | version:12.04

Trust: 1.0

vendor:canonical | model:ubuntu linux | scope:eq | version:14.04

Trust: 1.0

vendor:perl | model:perl | scope:lt | version:5.26.3

Trust: 1.0

vendor:netapp | model:snapcenter | scope:eq | version: -

Trust: 1.0

vendor:redhat | model:enterprise linux | scope:eq | version:7.5

Trust: 1.0

vendor:redhat | model:enterprise linux | scope:eq | version:6.0

Trust: 1.0

vendor:redhat | model:enterprise linux | scope:eq | version:7.4

Trust: 1.0

vendor:netapp | model:snapdrive | scope:eq | version: -

Trust: 1.0

vendor:canonical | model:ubuntu linux | scope:eq | version:18.10

Trust: 1.0

vendor:redhat | model:enterprise linux | scope:eq | version:7.6

Trust: 1.0

vendor:apple | model:mac os x | scope:lt | version:10.14.4

Trust: 1.0

vendor:canonical | model:ubuntu linux | scope:eq | version:18.04

Trust: 1.0

vendor:netapp | model:e-series santricity os controller | scope:lte | version:11.40

Trust: 1.0

vendor:redhat | model:enterprise linux | scope:eq | version:7.0

Trust: 1.0

vendor:debian | model:linux | scope:eq | version:9.0

Trust: 1.0

vendor:canonical | model:ubuntu linux | scope:eq | version:16.04

Trust: 1.0

vendor:netapp | model:snap creator framework | scope:eq | version: -

Trust: 1.0

vendor:canonical | model:ubuntu | scope: - | version: -

Trust: 0.8

vendor:debian | model:gnu/linux | scope: - | version: -

Trust: 0.8

vendor:the perl | model:perl | scope:lt | version:5.26.3

Trust: 0.8

vendor:perl | model:perl | scope:eq | version:5.12.1

Trust: 0.6

vendor:perl | model:perl | scope:eq | version:5.12.2

Trust: 0.6

vendor:perl | model:perl | scope:eq | version:5.12.0

Trust: 0.6

vendor:redhat | model:software collections for rhel | scope:eq | version:0

Trust: 0.3

vendor:perl | model:perl | scope:eq | version:5.26

Trust: 0.3

vendor:perl | model:perl | scope:eq | version:5.24

Trust: 0.3

vendor:perl | model:perl | scope:eq | version:5.22

Trust: 0.3

vendor:perl | model:perl | scope:ne | version:5.28.1

Trust: 0.3

vendor:perl | model:perl | scope:ne | version:5.26.3

Trust: 0.3

sources: BID: 106072 // JVNDB: JVNDB-2018-012766 // CNNVD: CNNVD-201811-926 // NVD: CVE-2018-18313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18313
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-18313
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201811-926
value: CRITICAL

Trust: 0.6

VULHUB: VHN-128860
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-18313
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18313
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-128860
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18313
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128860 // VULMON: CVE-2018-18313 // JVNDB: JVNDB-2018-012766 // CNNVD: CNNVD-201811-926 // NVD: CVE-2018-18313

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-128860 // JVNDB: JVNDB-2018-012766 // NVD: CVE-2018-18313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-926

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201811-926

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012766

PATCH

title:DSA-4347 | url:https://www.debian.org/security/2018/dsa-4347

Trust: 0.8

title:regcomp.c: Convert some strchr to memchr | url:https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62

Trust: 0.8

title:USN-3834-1 | url:https://usn.ubuntu.com/3834-1/

Trust: 0.8

title:USN-3834-2 | url:https://usn.ubuntu.com/3834-2/

Trust: 0.8

title:Perl Security vulnerabilities | url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87327

Trust: 0.6

title:Red Hat: Important: rh-perl526-perl security and enhancement update | url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190001 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-perl524-perl security update | url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190010 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: perl vulnerabilities | url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3834-2

Trust: 0.1

title:Red Hat: CVE-2018-18313 | url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-18313

Trust: 0.1

title:Ubuntu Security Notice: perl vulnerabilities | url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3834-1

Trust: 0.1

title:Debian Security Advisories: DSA-4347-1 perl -- security update | url:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=9d703224274c60e23b97462e56895757

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311) | url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=48c2d25ee84d3c5c67f054df5e25d685

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019 | url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=4ee609eeae78bbbd0d0c827f33a7f87f

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018 | url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61

Trust: 0.1

title: - | url:https://github.com/D5n9sMatrix/perltoc

Trust: 0.1

title: - | url:https://github.com/imhunterand/hackerone-publicy-disclosed

Trust: 0.1

sources: VULMON: CVE-2018-18313 // JVNDB: JVNDB-2018-012766 // CNNVD: CNNVD-201811-926

EXTERNAL IDS

db:NVD | id:CVE-2018-18313

Trust: 3.5

db:SECTRACK | id:1042181

Trust: 1.8

db:JVNDB | id:JVNDB-2018-012766

Trust: 0.8

db:CNNVD | id:CNNVD-201811-926

Trust: 0.7

db:PACKETSTORM | id:154385

Trust: 0.7

db:PACKETSTORM | id:152222

Trust: 0.6

db:AUSCERT | id:ESB-2019.0990

Trust: 0.6

db:BID | id:106072

Trust: 0.3

db:VULHUB | id:VHN-128860

Trust: 0.1

db:VULMON | id:CVE-2018-18313

Trust: 0.1

db:PACKETSTORM | id:151001

Trust: 0.1

db:PACKETSTORM | id:151000

Trust: 0.1

db:PACKETSTORM | id:150523

Trust: 0.1

db:PACKETSTORM | id:150564

Trust: 0.1

db:PACKETSTORM | id:150565

Trust: 0.1

sources: VULHUB: VHN-128860 // VULMON: CVE-2018-18313 // BID: 106072 // PACKETSTORM: 151001 // PACKETSTORM: 151000 // PACKETSTORM: 150523 // PACKETSTORM: 154385 // PACKETSTORM: 150564 // PACKETSTORM: 150565 // JVNDB: JVNDB-2018-012766 // CNNVD: CNNVD-201811-926 // NVD: CVE-2018-18313

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1646738

Trust: 2.9

url:https://github.com/perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2019:0001

Trust: 2.0

url:https://security.gentoo.org/glsa/201909-01

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:0010

Trust: 1.9

url:https://usn.ubuntu.com/3834-2/

Trust: 1.9

url:https://seclists.org/bugtraq/2019/mar/42

Trust: 1.8

url:https://metacpan.org/changes/release/shay/perl-5.26.3

Trust: 1.8

url:https://rt.perl.org/ticket/display.html?id=133192

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190221-0003/

Trust: 1.8

url:https://support.apple.com/kb/ht209600

Trust: 1.8

url:https://www.debian.org/security/2018/dsa-4347

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/mar/49

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.8

url:http://www.securitytracker.com/id/1042181

Trust: 1.8

url:https://usn.ubuntu.com/3834-1/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-18313

Trust: 1.4

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18313

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-18311

Trust: 0.6

url:https://support.apple.com/en-au/ht209600

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77806

Trust: 0.6

url:https://support.apple.com/en-us/ht209600

Trust: 0.6

url:https://packetstormsecurity.com/files/152222/apple-security-advisory-2019-3-25-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/154385/gentoo-linux-security-advisory-201909-01.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-18313

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-18312

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-18314

Trust: 0.5

url:www.perl.org

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-18311

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-18312

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-18314

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://usn.ubuntu.com/usn/usn-3834-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59234

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/perl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6913

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6797

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-6798

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.26.2-7ubuntu0.1

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3834-2

Trust: 0.1

sources: VULHUB: VHN-128860 // VULMON: CVE-2018-18313 // BID: 106072 // PACKETSTORM: 151001 // PACKETSTORM: 151000 // PACKETSTORM: 150523 // PACKETSTORM: 154385 // PACKETSTORM: 150564 // PACKETSTORM: 150565 // JVNDB: JVNDB-2018-012766 // CNNVD: CNNVD-201811-926 // NVD: CVE-2018-18313

CREDITS

Apple,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201811-926

SOURCES

db:VULHUB | id:VHN-128860
db:VULMON | id:CVE-2018-18313
db:BID | id:106072
db:PACKETSTORM | id:151001
db:PACKETSTORM | id:151000
db:PACKETSTORM | id:150523
db:PACKETSTORM | id:154385
db:PACKETSTORM | id:150564
db:PACKETSTORM | id:150565
db:JVNDB | id:JVNDB-2018-012766
db:CNNVD | id:CNNVD-201811-926
db:NVD | id:CVE-2018-18313

LAST UPDATE DATE

2025-08-29T20:05:19.653000+00:00


SOURCES UPDATE DATE

db:VULHUB | id:VHN-128860 | date:2020-07-15T00:00:00
db:VULMON | id:CVE-2018-18313 | date:2023-11-07T00:00:00
db:BID | id:106072 | date:2018-11-05T00:00:00
db:JVNDB | id:JVNDB-2018-012766 | date:2019-02-07T00:00:00
db:CNNVD | id:CNNVD-201811-926 | date:2021-10-29T00:00:00
db:NVD | id:CVE-2018-18313 | date:2024-11-21T03:55:41.177

SOURCES RELEASE DATE

db:VULHUB | id:VHN-128860 | date:2018-12-07T00:00:00
db:VULMON | id:CVE-2018-18313 | date:2018-12-07T00:00:00
db:BID | id:106072 | date:2018-11-05T00:00:00
db:PACKETSTORM | id:151001 | date:2019-01-03T02:57:52
db:PACKETSTORM | id:151000 | date:2019-01-03T02:57:21
db:PACKETSTORM | id:150523 | date:2018-11-30T15:01:16
db:PACKETSTORM | id:154385 | date:2019-09-06T22:21:33
db:PACKETSTORM | id:150564 | date:2018-12-03T21:10:16
db:PACKETSTORM | id:150565 | date:2018-12-03T21:10:24
db:JVNDB | id:JVNDB-2018-012766 | date:2019-02-07T00:00:00
db:CNNVD | id:CNNVD-201811-926 | date:2018-11-30T00:00:00
db:NVD | id:CVE-2018-18313 | date:2018-12-07T21:29:00.717