VulnerableCode Package Details - pkg:deb/ubuntu/perl@5.24.1-2ubuntu1.1

Search for packages

Package details: pkg:deb/ubuntu/perl@5.24.1-2ubuntu1.1

Essentials
History (0)

purl	pkg:deb/ubuntu/perl@5.24.1-2ubuntu1.1

Next non-vulnerable version	5.30.0-9ubuntu0.2
Latest non-vulnerable version	5.30.0-9ubuntu0.2
Risk	4.4

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-9xrd-cjuq-aaar Aliases: CVE-2018-18314	Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.	5.26.1-6ubuntu0.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gxwj-pauu-aaab Aliases: CVE-2018-12015	In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.	5.26.1-6ubuntu0.1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j9vg-x3e1-aaah Aliases: CVE-2020-10543	Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.	5.30.0-9ubuntu0.2 Affected by 0 other vulnerabilities.
VCID-nj9u-9t22-aaah Aliases: CVE-2018-18313	Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.	5.26.1-6ubuntu0.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ns93-adpj-aaap Aliases: CVE-2020-12723	regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.	5.30.0-9ubuntu0.2 Affected by 0 other vulnerabilities.
VCID-sk12-259u-aaaf Aliases: CVE-2020-10878	Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.	5.30.0-9ubuntu0.2 Affected by 0 other vulnerabilities.
VCID-t2za-x4m7-aaae Aliases: CVE-2018-18311	Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.	5.26.1-6ubuntu0.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uqwt-sjy8-aaae Aliases: CVE-2018-18312	Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.	5.26.1-6ubuntu0.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x6nw-5wtg-aaaa Aliases: CVE-2021-36770	Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the \|\| operator evaluates @INC in a scalar context, and thus @INC has only an integer value.	5.30.0-9ubuntu0.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version