Disclosing several CVEs


With the release of 5.24.4 and 5.26.2, I hereby moved the following
CVE-related RT tickets:

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

I want to thank the reporters of the issues (for their discovery,
reporting, and patience), our vendors for their patience and support,
the people who worked on resolving these issues, and the security team.

Sawyer X.
4/14/2018 2:10:52 PM
perl.perl5.porters