A flaw was found in Perl 5. A heap write overflow in the regcomp.c file might be exploited when a Perl program allows user input of patterns. A crafted regular expression can cause the heap buffer overflow, with control over the bytes written.
Reproducer: $ perl -e 'qr/0b\N{U+41}\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF\xDF/i' realloc(): invalid next size Aborted (core dumped)
Perl 5 Porters published the fix for Perl 5.26.1 at:

https://perl5.git.perl.org/perl.git/commit/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
https://perl5.git.perl.org/perl.git/commit/fa889a389ebb8e63782a3697775aa42c63a8f0cd
https://perl5.git.perl.org/perl.git/commit/8b80ce67ff257aaa36e47eaf4194d27a51595524
https://perl5.git.perl.org/perl.git/commit/ae187cb6c87b079045274f298fdcf426e4a6404b

and in Perl-5.26.2-RC1 and 5.24.4-RC1 tar balls.
(In reply to Petr Pisar from comment #2)
> Perl 5 Porters published the fix for Perl 5.26.1 at:
>
> <https://perl5.git.perl.org/perl.git/commit/8e6f44c90c7fa1f63c19a44c45482b09a407e15b>
> <https://perl5.git.perl.org/perl.git/commit/fa889a389ebb8e63782a3697775aa42c63a8f0cd>
> <https://perl5.git.perl.org/perl.git/commit/8b80ce67ff257aaa36e47eaf4194d27a51595524>
> <https://perl5.git.perl.org/perl.git/commit/ae187cb6c87b079045274f298fdcf426e4a6404b>
>
> and in Perl-5.26.2-RC1 and 5.24.4-RC1 tar balls.

Sorry. These four patches were for CVE-2018-6798.

Perl 5 Porters published the CVE-2018-6797 fix for Perl 5.26.1 at

https://perl5.git.perl.org/perl.git/commit/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51

and in Perl-5.26.2-RC1 and 5.24.4-RC1 tar balls.
Created perl tracking bugs for this issue:

Affects: fedora-all [bug 1567778]
Statement: Versions of the perl interpreter older than 5.18 are not vulnerable. As a result, the versions of perl as shipped in Red Hat Enterprise Linux version 7, 6 and 5 are not affected by this vulnerability.
External References: https://rt.perl.org/Public/Bug/Display.html?id=132227
Acknowledgments:

Name: Perl 5 Porters
Upstream: Brian Carpenter
This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:1192 https://access.redhat.com/errata/RHSA-2018:1192