rpm package
suse/perl&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-12015 | — | < 5.18.2-12.14.1 | 5.18.2-12.14.1 | Jun 7, 2018 | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | ||
| CVE-2018-6913 | — | < 5.18.2-12.11.1 | 5.18.2-12.11.1 | Apr 17, 2018 | Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | ||
| CVE-2018-6798 | — | < 5.18.2-12.11.1 | 5.18.2-12.11.1 | Apr 17, 2018 | An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | ||
| CVE-2018-6797 | — | < 5.18.2-12.11.1 | 5.18.2-12.11.1 | Apr 17, 2018 | An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. | ||
| CVE-2017-12883 | Cri | 9.1 | < 5.18.2-12.3.1 | 5.18.2-12.3.1 | Sep 19, 2017 | Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+ | |
| CVE-2017-12837 | Hig | 7.5 | < 5.18.2-12.3.1 | 5.18.2-12.3.1 | Sep 19, 2017 | Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. | |
| CVE-2017-6512 | Med | 5.9 | < 5.18.2-12.3.1 | 5.18.2-12.3.1 | Jun 1, 2017 | Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. |
- CVE-2018-12015Jun 7, 2018affected < 5.18.2-12.14.1fixed 5.18.2-12.14.1
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
- CVE-2018-6913Apr 17, 2018affected < 5.18.2-12.11.1fixed 5.18.2-12.11.1
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
- CVE-2018-6798Apr 17, 2018affected < 5.18.2-12.11.1fixed 5.18.2-12.11.1
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
- CVE-2018-6797Apr 17, 2018affected < 5.18.2-12.11.1fixed 5.18.2-12.11.1
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
- affected < 5.18.2-12.3.1fixed 5.18.2-12.3.1
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+
- affected < 5.18.2-12.3.1fixed 5.18.2-12.3.1
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
- affected < 5.18.2-12.3.1fixed 5.18.2-12.3.1
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.