{
  "threat_severity" : "Important",
  "public_date" : "2018-11-29T00:00:00Z",
  "bugzilla" : {
    "description" : "perl: Integer overflow leading to buffer overflow in Perl_my_setenv()",
    "id" : "1646730",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1646730"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190->CWE-120",
  "details" : [ "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." ],
  "statement" : "This vulnerability is present in versions of perl included with Red Hat Virtualization Hypervisor and Management Appliance; however, it is not exposed in any meaningful way. Perl is only included in these images as a dependency of components which do not manipulate ENV and are not exposed to user input. A future update may address this issue.",
  "acknowledgement" : "Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-01-21T00:00:00Z",
    "advisory" : "RHSA-2019:0109",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "perl-4:5.16.3-294.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2019-08-07T00:00:00Z",
    "advisory" : "RHSA-2019:2400",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "perl-4:5.16.3-291.el7_3.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2019-08-07T00:00:00Z",
    "advisory" : "RHSA-2019:2400",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "perl-4:5.16.3-291.el7_3.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2019-08-07T00:00:00Z",
    "advisory" : "RHSA-2019:2400",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "perl-4:5.16.3-291.el7_3.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Extended Update Support",
    "release_date" : "2019-07-30T00:00:00Z",
    "advisory" : "RHSA-2019:1942",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.4",
    "package" : "perl-4:5.16.3-292.el7_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2019-07-16T00:00:00Z",
    "advisory" : "RHSA-2019:1790",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "perl-4:5.16.3-292.el7_5.1"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0010",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6",
    "package" : "rh-perl524-perl-4:5.24.0-381.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-4:5.26.3-405.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0010",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl524-perl-4:5.24.0-381.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-4:5.26.3-405.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0010",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl524-perl-4:5.24.0-381.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-4:5.26.3-405.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0010",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl524-perl-4:5.24.0-381.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-4:5.26.3-405.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0001",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-01-02T00:00:00Z",
    "advisory" : "RHSA-2019:0010",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-perl524-perl-4:5.24.0-381.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "perl:5.24/perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 3",
    "fix_state" : "Not affected",
    "package_name" : "perl",
    "cpe" : "cpe:/a:redhat:openshift:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "redhat-virtualization-host",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "rhvm-appliance",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4",
    "impact" : "low"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-18311\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18311" ],
  "name" : "CVE-2018-18311",
  "csaw" : false
}