Bug 1646738 (CVE-2018-18313) - CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N()
Summary: CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N()
Status: NEW
Alias: CVE-2018-18313
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20181129,reported=2...
Keywords: Security
Depends On: 1653525 1653526 1654924 1656293 1654921 1660192 1660195
Blocks: 1646752
TreeView+ depends on / blocked
 
Reported: 2018-11-05 22:47 UTC by Laura Pardo
Modified: 2019-01-25 13:05 UTC (History)
30 users (show)

Fixed In Version: perl 5.26.3, perl 5.28.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0001 None None None 2019-01-02 13:29 UTC
Red Hat Product Errata RHSA-2019:0010 None None None 2019-01-02 16:13 UTC

Description Laura Pardo 2018-11-05 22:47:38 UTC
A flaw was found in Perl versions 5.22 through 5.26. Heap-buffer-overflow read in regcomp.c


Upstream Patch:
https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62

Comment 1 Doran Moppert 2018-11-23 03:57:54 UTC
Upstream ticket:

https://rt.perl.org/Public/Bug/Display.html?id=133192

Comment 4 Doran Moppert 2018-11-27 01:57:56 UTC
Downgrading severity based on:

 - significant control over a regex gives a number of vectors to deny service, if not evaluate code
 - information disclosure potential is through error messages, which should not be disclosed to attackers from secure systems

Comment 6 Doran Moppert 2018-11-27 03:47:48 UTC
Acknowledgments:

Name: the Perl project
Upstream: Eiichi Tsukata

Comment 7 Doran Moppert 2018-11-30 03:18:38 UTC
Created perl tracking bugs for this issue:

Affects: fedora-all [bug 1654921]

Comment 9 errata-xmlrpc 2019-01-02 13:29:32 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0001

Comment 10 errata-xmlrpc 2019-01-02 16:13:23 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0010

Comment 11 Paul Harvey 2019-01-25 13:05:58 UTC
openshift-enterprise-3: notaffected. I reviewed OpenShift containers for applications with dependencies on perl and was unable to identify any where the perl interpreter would be exposed to attacker-controlled regular expressions which could expose this flaw. There is a perl dependency in our MariaDB packaging, however the only non-test related perl usage is in a backup script (mysqlhotcopy) which is not exposed to attacker-controlled regular expressions. I have not filed trackers as these images will inherit the existing perl fixes next time they are respun. See also https://access.redhat.com/articles/2803031


Note You need to log in before you can comment on or make changes to this bug.