CVE-2018-18313
Description
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <5.26.3
- OSV coordinates (2 versions): pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 ; pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - range: < 5.26.1-7.6.1 (+1 more)
- (no CPE) range: < 5.26.1-7.6.1
- (no CPE) range: < 5.26.1-7.6.1
Patches
Vulnerability mechanics
Root cause
"A buffer over-read occurs in Perl's regular expression compilation when processing certain crafted patterns."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted regular expression to Perl's regex engine. The crafted input causes the engine to read out of bounds from process memory. The over-read happens during the compilation phase of the regular expression, specifically when parsing constructs such as `\N{...}` or bracketed character classes (`[...]`).
Affected code
The vulnerability resides in the `regcomp.c` file within Perl's source code. Specifically, the functions `S_grok_bslash_N`, `S_regatom`, and `S_regclass` are affected. The patch modifies these functions to use `memchr` instead of `strchr` for searching for closing braces, limiting the search to the valid buffer boundaries [ref_id=1].
What the fix does
The patch replaces calls to `strchr` with `memchr` when searching for a closing brace '}'. The `memchr` function is used with a length argument derived from `RExC_end - RExC_parse`, ensuring that the search is bounded by the available memory. This prevents the `strchr` function from reading past the end of the allocated buffer, thus mitigating the buffer over-read vulnerability [ref_id=1].
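The bounded-versus-unbounded search described above, as an added C illustration (not Perl's own code): `close_brace_unbounded` has the pre-fix shape, where `strchr` only stops at a NUL byte, and `close_brace_bounded` has the post-fix shape, where `memchr` is limited to `end - parse` bytes. The `pat_view` struct, the function names and the arena contents are constructed for this example; the `parse`/`end` fields stand in for `RExC_parse`/`RExC_end`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Parser's view of a pattern: [parse, end) is the valid byte range. The field
 * names mirror regcomp.c's RExC_parse / RExC_end but this struct is an
 * illustration only, not Perl's data structure. */
struct pat_view {
    const char *parse;
    const char *end;
};

/* Pre-fix behaviour: strchr stops only at a NUL byte, so nothing ties the scan
 * to `end`. Returns the offset of '}' from `parse`, or -1 if none before NUL. */
long close_brace_unbounded(struct pat_view v)
{
    const char *p = strchr(v.parse, '}');
    return p ? (long)(p - v.parse) : -1;
}

/* Post-fix behaviour: memchr inspects at most end - parse bytes, so a '}' that
 * lies beyond the pattern is not visible and no byte past `end` is read. */
long close_brace_bounded(struct pat_view v)
{
    const char *p = memchr(v.parse, '}', (size_t)(v.end - v.parse));
    return p ? (long)(p - v.parse) : -1;
}

/* Constructed arena: a 7-byte pattern "\N{U+41" (no closing brace) is followed,
 * in the same NUL-terminated allocation, by unrelated bytes that happen to
 * contain '}'. The trailing NUL keeps this demo well-defined; in the real bug
 * the bytes after the pattern are whatever process memory follows the buffer. */
static const char arena[] = "\\N{U+41" "<other-data>}";
#define PATTERN_LEN 7

/* Pattern without a closing brace inside its own bounds. */
struct pat_view unterminated_view(void)
{
    struct pat_view v = { arena, arena + PATTERN_LEN };
    return v;
}

/* Well-formed pattern: both searches agree. */
struct pat_view terminated_view(void)
{
    static const char ok[] = "\\N{U+41}";
    struct pat_view v = { ok, ok + sizeof(ok) - 1 };
    return v;
}

int main(void)
{
    printf("unterminated: strchr offset=%ld  memchr offset=%ld\n",
           close_brace_unbounded(unterminated_view()),
           close_brace_bounded(unterminated_view()));
    printf("terminated:   strchr offset=%ld  memchr offset=%ld\n",
           close_brace_unbounded(terminated_view()),
           close_brace_bounded(terminated_view()));
    return 0;
}
```

For the unterminated pattern the `strchr` variant reports a `}` at offset 19, i.e. 12 bytes past the end of the pattern it was asked to parse, while the `memchr` variant reports none; the patched parser can then reject the pattern as unterminated instead of continuing with data it was never given.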
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- access.redhat.com/errata/RHSA-2019:0001 (MITRE: vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2019:0010 (MITRE: vendor-advisory, x_refsource_REDHAT)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ (MITRE: vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/201909-01 (MITRE: vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3834-1/ (MITRE: vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/3834-2/ (MITRE: vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4347 (MITRE: vendor-advisory, x_refsource_DEBIAN)
- seclists.org/fulldisclosure/2019/Mar/49 (MITRE: mailing-list, x_refsource_FULLDISC)
- www.securitytracker.com/id/1042181 (MITRE: vdb-entry, x_refsource_SECTRACK)
- bugzilla.redhat.com/show_bug.cgi (MITRE: x_refsource_CONFIRM)
- github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 (MITRE: x_refsource_CONFIRM)
- metacpan.org/changes/release/SHAY/perl-5.26.3 (MITRE: x_refsource_CONFIRM)
- rt.perl.org/Ticket/Display.html (MITRE: x_refsource_CONFIRM)
- seclists.org/bugtraq/2019/Mar/42 (MITRE: mailing-list, x_refsource_BUGTRAQ)
- security.netapp.com/advisory/ntap-20190221-0003/ (MITRE: x_refsource_CONFIRM)
- support.apple.com/kb/HT209600 (MITRE: x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpujul2020.html (MITRE: x_refsource_MISC)
News mentions
No linked articles in our index yet.