FreeBSD : perl -- multiple vulnerabilities (41c96ffd-29a6-4dcc-9a88-65f5038fa6eb)
critical Nessus Plugin ID 109051
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
perldelta :CVE-2018-6797: heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. [perl #132227]
CVE-2018-6798: Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure.
[perl #132063]
CVE-2018-6913: heap-buffer-overflow in S_pack_rec
pack() could cause a heap buffer write overflow with a large item count. [perl #131844]
Solution
Update the affected packages.See Also
https://metacpan.org/changes/release/SHAY/perl-5.26.2
Plugin Details
Severity: Critical
ID: 109051
File Name: freebsd_pkg_41c96ffd29a64dcc9a8865f5038fa6eb.nasl
Version: 1.4
Type: local
Family: FreeBSD Local Security Checks
Published: 4/16/2018
Updated: 11/10/2018
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*, p-cpe:2.3:a:freebsd:freebsd:perl5:*:*:*:*:*:*:*
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 4/15/2018
Vulnerability Publication Date: 4/14/2018