Home

CVE-2018-18313

Description

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
4.14

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Netapp Snapcenter -Windows
Multiple vulnerabilities are fixed in macOS Mojave 10.14.4Mac
Multiple vulnerabilities are fixed in macOS Mojave 10.14.4 Combo UpdateMac
Practical Extraction and Report Language (USN-3684-1) perl_5.18.2-2ubuntu1.7_amd64.debLinux
Practical Extraction and Report Language (USN-3684-1) perl_5.18.2-2ubuntu1.7_i386.debLinux
Practical Extraction and Report Language (USN-3684-1) perl_5.22.1-9ubuntu0.6_amd64.debLinux
Practical Extraction and Report Language (USN-3684-1) perl_5.22.1-9ubuntu0.6_i386.debLinux
Practical Extraction and Report Language (USN-3684-1) perl_5.26.1-6ubuntu0.3_amd64.debLinux
Practical Extraction and Report Language (USN-3684-1) perl_5.26.1-6ubuntu0.3_i386.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.18.2-2ubuntu1.7_i386.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.18.2-2ubuntu1.7_amd64.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.22.1-9ubuntu0.6_i386.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.22.1-9ubuntu0.6_amd64.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.26.1-6ubuntu0.3_i386.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.26.1-6ubuntu0.3_amd64.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.26.2-7ubuntu0.1_i386.debLinux
Practical Extraction and Report Language (USN-3834-1) perl_5.26.2-7ubuntu0.1_amd64.debLinux
perl security update(DSA-4226-1) perl_5.24.1-3+deb9u5_i386.debLinux
perl security update(DSA-4226-1) perl_5.24.1-3+deb9u5_amd64.debLinux
Out-of-bounds Read Vulnerability (CVE-2018-18313)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-602004macOS Mojave 10.14.6
PATCH-602005macOS Mojave 10.14.6 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234