Vulnerability CVE-2020-10878: Information
Description
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Severity: HIGH (8.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
perl | sisyphus | 5.30.3-alt1 | 5.38.2-alt0.2 | ALT-PU-2020-2905-1 | 259030 | Fixed |
perl | p10 | 5.30.3-alt1 | 5.34.0-alt1 | ALT-PU-2020-2905-1 | 259030 | Fixed |
perl | p9 | 5.28.3-alt1 | 5.28.3-alt1 | ALT-PU-2020-3414-1 | 261964 | Fixed |
perl | c10f1 | 5.30.3-alt1 | 5.34.0-alt1 | ALT-PU-2020-2905-1 | 259030 | Fixed |
perl | c9f2 | 5.28.3-alt1 | 5.28.3-alt1 | ALT-PU-2020-3343-1 | 261994 | Fixed |