Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. https://nvd.nist.gov/vuln/detail/CVE-2018-18313