CVE-2018-18311
Description
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- Range: <5.26.3 || >=5.28.0 <5.28.1
- osv-coords20 versionspkg:rpm/opensuse/perl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/perl&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/perl&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/perl&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/perl&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/perl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 5.34.0-1.1+ 19 more
- (no CPE)range: < 5.34.0-1.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.26.1-7.6.1
- (no CPE)range: < 5.26.1-7.6.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
- (no CPE)range: < 5.18.2-12.20.1
Patches
Vulnerability mechanics
Root cause
"The Perl_my_setenv() function did not properly handle potential integer overflows when calculating memory allocations for environment variables."
Attack vector
An attacker can trigger this vulnerability by providing a crafted regular expression to Perl. This crafted input leads to invalid write operations within the Perl interpreter, specifically during the handling of environment variables. The overflow occurs when calculating the size of memory to allocate for environment variables, potentially leading to a crash or other unintended behavior.
Affected code
The vulnerability resides in the Perl_my_setenv() function, specifically in the logic that calculates and allocates memory for environment variables. The patch modifies this function by replacing direct memory allocation calls with calls to the new S_env_alloc() helper function, which includes overflow checks.
What the fix does
The patch introduces a new helper function, S_env_alloc(), which is used by Perl_my_setenv(). This new function explicitly checks for integer overflows when calculating the total size of memory to allocate by summing up individual size components. If an overflow is detected during these calculations, it calls croak_memory_wrap() to prevent the invalid memory allocation and subsequent invalid write operations.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
28- access.redhat.com/errata/RHBA-2019:0327mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:0001mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:0010mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:0109mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:1790mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:1942mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:2400mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/201909-01mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3834-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3834-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2018/dsa-4347mitrevendor-advisoryx_refsource_DEBIAN
- seclists.org/fulldisclosure/2019/Mar/49mitremailing-listx_refsource_FULLDISC
- www.securityfocus.com/bid/106145mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1042181mitrevdb-entryx_refsource_SECTRACK
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194bemitrex_refsource_CONFIRM
- kc.mcafee.com/corporate/indexmitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/11/msg00039.htmlmitremailing-listx_refsource_MLIST
- metacpan.org/changes/release/SHAY/perl-5.26.3mitrex_refsource_CONFIRM
- metacpan.org/changes/release/SHAY/perl-5.28.1mitrex_refsource_CONFIRM
- rt.perl.org/Ticket/Display.htmlmitrex_refsource_CONFIRM
- seclists.org/bugtraq/2019/Mar/42mitremailing-listx_refsource_BUGTRAQ
- security.netapp.com/advisory/ntap-20190221-0003/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT209600mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuapr2020.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujul2020.htmlmitrex_refsource_MISC
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.