CVE-2018-6797
PUBLISHED
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
EPSS 1.48% · 81.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | perl | 0, 5.20.2-6, 5.22.1-3 |
| Ubuntu:Pro:14.04:LTS | perl | 5.18.2-2ubuntu1.4, 5.18.2-2ubuntu1.7, 5.18.2-2ubuntu1.7+esm3 |
Exploit Intelligence
- CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written (hackerone)
- Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) could lead to memory leak (hackerone)
- TestCommand.yaml (github-poc)
Timeline
- CVE Published
- May 19, 2018 PoC Published
- Oct 24, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-6797 third-party-advisory
- https://ubuntu.com/security/notices/USN-3625-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-6797 third-party-advisory