Heap-based buffer over-read in perl (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-6798 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
perl (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Heap-based buffer over-read
EUVDB-ID: #VU11834
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6798
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsperl (Alpine package): 5.24.3-r1
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=22ea72268934176905fbf70461eb7a7210be1a76
https://git.alpinelinux.org/aports/commit/?id=f78615592ddca9ab00bdcc95ff939df19b557ca6
https://git.alpinelinux.org/aports/commit/?id=b016cc93af3bf95f617ec73a5e75228aed3235fc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
