Vulnerability CVE-2020-10878: Information

Description

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Severity: HIGH (8.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-10878
Published: June 5, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
perlsisyphus5.30.3-alt15.38.2-alt0.2ALT-PU-2020-2905-1259030Fixed
perlp105.30.3-alt15.34.0-alt1ALT-PU-2020-2905-1259030Fixed
perlp95.28.3-alt15.28.3-alt1ALT-PU-2020-3414-1261964Fixed
perlc10f15.30.3-alt15.34.0-alt1ALT-PU-2020-2905-1259030Fixed
perlc9f25.28.3-alt15.28.3-alt1ALT-PU-2020-3343-1261994Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
  • Patch
  • Third Party Advisory
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
  • Patch
  • Third Party Advisory
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
  • Patch
  • Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/
  • Third Party Advisory
GLSA-202006-03
  • Third Party Advisory
openSUSE-SU-2020:0850
  • Mailing List
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
  • Patch
  • Third Party Advisory
N/A
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
  • Patch
  • Third Party Advisory
FEDORA-2020-fd73c08076

      1. Configuration 1

        cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
        End excliding
        5.30.3

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

        Configuration 4

        cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

        Configuration 5

        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
        Start including
        8.0.0
        End including
        8.5.0
        cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*
        Start including
        7.4.0
        End including
        7.7.1
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*
        Start including
        13.1
        End including
        13.4
        cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*
        Start including
        16.1.0
        End including
        16.4.0
        cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
        Start including
        10.4.0.1.0
        End including
        10.4.0.3.1
        cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
        Start including
        10.3.0.0.0
        End including
        10.3.0.2.1
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top