Detections
Analytics
Alpine: miniperl, multiple perl packages: security update to 5.26.1-r1 (deprecated)
critical Tenable Cloud Security Plugin ID 400733
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based
buffer overflow, with control over the bytes written. (CVE-2018-6797)
- An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression
can cause a heap-based buffer over-read and potentially information disclosure. (CVE-2018-6798)
- Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers
to execute arbitrary code via a large item count. (CVE-2018-6913)
See Also
https://git.alpinelinux.org/aports/commit/?id=b016cc93af3bf95f617ec73a5e75228aed3235fc
https://git.alpinelinux.org/aports/commit/?id=cd27b2298e02bca35ca626dfa67323a96cb251e4
Plugin Details
Severity: Critical
ID: 400733
Version: Revision 1.25
Type: Local
Published: 8/16/2023
Updated: 4/1/2024
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-6913
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 4/17/2018
Vulnerability Publication Date: 4/14/2018
Reference Information
CVE: CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
BID: 103953