Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl’s hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl’s most common applications are system administration utilities and web programming.
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. A local user can obtain potentially sensitive information. A remote user can execute arbitrary code on the target system in certain cases. The Common Vulnerabilities and Exposures project identifies the following problems:
- [CVE-2018-12015] Directory traversal in module Archive::Tar
  By default, Archive::Tar doesn’t allow extracting files outside the current working directory. However, this secure extraction mode could be bypassed by putting a symlink and a regular file with the same name into the tar file: the symlink, whose target lies outside the extraction directory, is created first, and the regular file that follows is then written through it, overwriting the target.
- [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
  Integer arithmetic in Perl_my_setenv() could wrap when the combined length of the environment variable name and value exceeded around 0x7fffffff. This could lead to writing beyond the end of an allocated buffer with attacker-supplied data.
- [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
  A crafted regular expression could cause a heap-buffer-overflow write during compilation, potentially allowing arbitrary code execution where attacker-supplied patterns are compiled.
- [CVE-2018-18313] Heap-buffer-overflow read in S_grok_bslash_N (regcomp.c)
  A crafted regular expression could cause a heap-buffer-overflow read during compilation, potentially leading to sensitive information being leaked.
- [CVE-2018-18314] Heap-buffer-overflow write in S_regatom (regcomp.c)
  A crafted regular expression could cause a heap-buffer-overflow write during compilation, potentially allowing arbitrary code execution.
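As an added example (not code from Archive::Tar or the Perl project), the following C program builds a tar archive in memory that uses the symlink-then-regular-file trick behind CVE-2018-12015, and scans it with a check that flags both plain traversal names and a regular file that reuses the name of an earlier symlink, which is the combination the default check did not catch. The member names, file contents and the `/etc/passwd` link target are constructed for the demonstration; `tar_count_escapes` is a helper written here, not an Archive::Tar API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAR_BLOCK 512
#define MAX_LINKS 64

/* Write one POSIX ustar header block. Field offsets: name@0, mode@100,
 * uid@108, gid@116, size@124, mtime@136, chksum@148, typeflag@156,
 * linkname@157, magic@257, version@263. */
static void ustar_header(unsigned char *h, const char *name, char typeflag,
                         const char *linkname, size_t size)
{
    memset(h, 0, TAR_BLOCK);
    strncpy((char *)h, name, 100);
    memcpy(h + 100, "0000644\0" "0000000\0" "0000000", 24);  /* mode, uid, gid */
    snprintf((char *)h + 124, 12, "%011o", (unsigned)size);
    memcpy(h + 136, "00000000000", 12);                        /* mtime */
    h[156] = typeflag;
    if (linkname)
        strncpy((char *)h + 157, linkname, 100);
    memcpy(h + 257, "ustar\0" "00", 8);
    memset(h + 148, ' ', 8);   /* checksum is summed with its own field set to spaces */
    unsigned sum = 0;
    for (int i = 0; i < TAR_BLOCK; i++)
        sum += h[i];
    snprintf((char *)h + 148, 8, "%06o", sum);
    h[155] = ' ';
}

typedef struct { unsigned char *buf; size_t len; } tarbuf;

/* Append one member; file data, if any, is zero-padded to a whole block. */
static void tar_add(tarbuf *t, const char *name, char typeflag,
                    const char *linkname, const char *data, size_t size)
{
    size_t padded = (size + TAR_BLOCK - 1) / TAR_BLOCK * TAR_BLOCK;
    t->buf = realloc(t->buf, t->len + TAR_BLOCK + padded);
    ustar_header(t->buf + t->len, name, typeflag, linkname, size);
    t->len += TAR_BLOCK;
    memset(t->buf + t->len, 0, padded);
    if (size)
        memcpy(t->buf + t->len, data, size);
    t->len += padded;
}

/* Count members that would land outside the extraction directory: absolute or
 * ".."-containing names (what the default check already refuses; the ".."
 * test is deliberately conservative), and regular files whose name was used
 * earlier in the same archive by a symlink (the bypass). */
int tar_count_escapes(const unsigned char *tar, size_t len)
{
    char links[MAX_LINKS][101];
    int nlinks = 0, flagged = 0;
    for (size_t off = 0; off + TAR_BLOCK <= len && tar[off] != '\0';) {
        const unsigned char *h = tar + off;
        char name[101];
        memcpy(name, h, 100);
        name[100] = '\0';
        size_t size = strtoul((const char *)h + 124, NULL, 8);
        if (name[0] == '/' || strstr(name, "..") != NULL)
            flagged++;
        if (h[156] == '2') {                       /* symlink: remember its name */
            if (nlinks < MAX_LINKS)
                strcpy(links[nlinks++], name);
        } else if (h[156] == '0' || h[156] == '\0') {   /* regular file */
            for (int i = 0; i < nlinks; i++)
                if (strcmp(links[i], name) == 0) { flagged++; break; }
        }
        off += TAR_BLOCK + (size + TAR_BLOCK - 1) / TAR_BLOCK * TAR_BLOCK;
    }
    return flagged;
}

/* Constructed sample archives for this demonstration, not real-world files. */
int demo_malicious_escapes(void)
{
    tarbuf t = { NULL, 0 };
    tar_add(&t, "config.txt", '2', "/etc/passwd", NULL, 0);  /* link out of the tree first */
    tar_add(&t, "config.txt", '0', NULL, "pwned\n", 6);      /* same name, written through it */
    int n = tar_count_escapes(t.buf, t.len);
    free(t.buf);
    return n;
}

int demo_benign_escapes(void)
{
    tarbuf t = { NULL, 0 };
    tar_add(&t, "config.txt", '0', NULL, "hello\n", 6);
    tar_add(&t, "docs/readme", '0', NULL, "hi\n", 3);
    int n = tar_count_escapes(t.buf, t.len);
    free(t.buf);
    return n;
}

int main(void)
{
    printf("malicious: %d flagged, benign: %d flagged\n",
           demo_malicious_escapes(), demo_benign_escapes());
    return 0;
}
```

Order is what makes the bypass work: both member names are ordinary relative paths, so a check that only looks at each name in isolation passes both, while the earlier symlink turns the later write into a write to its target. A scanner therefore has to remember symlink names across the whole archive (or refuse symlinks in untrusted archives outright) rather than judge members one at a time.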
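To show the arithmetic behind CVE-2018-18311, here is an added C example written for this page rather than taken from perl's util.c: `wrapped_env_len` reproduces what happens when the name and value lengths are summed in a 32-bit int, and `checked_env_len` with `make_env_string` show the hardened form, size_t arithmetic with an explicit overflow test before the allocation. The function names and the "NAME=VALUE" buffer layout are assumptions for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* The bug pattern: lengths that came from strlen() are held in int and the
 * buffer size is computed as nlen + vlen + 2 ('=' plus the terminating NUL).
 * The arithmetic is done here in uint32_t and then reinterpreted, because
 * signed overflow is undefined in C; the result is what a 32-bit int holds
 * after the wrap. A negative or tiny total then goes into the allocator, and
 * the copies that follow write past whatever was actually allocated. */
int32_t wrapped_env_len(size_t nlen, size_t vlen)
{
    uint32_t total = (uint32_t)nlen + (uint32_t)vlen + 2;
    return (int32_t)total;
}

/* Hardened form: size_t throughout and a check that each addition cannot
 * overflow. Returns 1 and stores the total on success, 0 on overflow. */
int checked_env_len(size_t nlen, size_t vlen, size_t *out)
{
    if (nlen > SIZE_MAX - 2 || vlen > SIZE_MAX - 2 - nlen)
        return 0;
    *out = nlen + vlen + 2;
    return 1;
}

/* Build "NAME=VALUE" using the checked length. Returns NULL if the length
 * check or the allocation fails; the caller frees the result. */
char *make_env_string(const char *name, const char *value)
{
    size_t nlen = strlen(name), vlen = strlen(value), total;
    if (!checked_env_len(nlen, vlen, &total))
        return NULL;
    char *buf = malloc(total);
    if (!buf)
        return NULL;
    memcpy(buf, name, nlen);
    buf[nlen] = '=';
    memcpy(buf + nlen + 1, value, vlen + 1);   /* includes the terminating NUL */
    return buf;
}
```

With a combined length just over 0x7fffffff the int total goes negative; push it past 0xffffffff and it wraps back to a small positive number, which is the worst case because the allocation then succeeds and is far too small for the data copied into it.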
Resource | Hyperlink |
---|---|
debian.org | https://www.debian.org/security/2018/dsa-4347 |
ubuntu.com | https://usn.ubuntu.com/3834-1/ |
ubuntu.com | https://usn.ubuntu.com/3834-2/ |
perl.org | https://rt.perl.org/Public/Bug/Display.html?id=133192 |
github.com | https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 |
redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1646738 |