Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. https://nvd.nist.gov/vuln/detail/CVE-2018-18311