Vulnerability CVE-2020-10543: Information
Description
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Severity: HIGH (8.2) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Published: June 5, 2020
Modified: Nov. 7, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
perl | sisyphus | 5.30.3-alt1 | 5.38.2-alt0.2 | ALT-PU-2020-2905-1 | 259030 | Fixed |
perl | p10 | 5.30.3-alt1 | 5.34.0-alt1 | ALT-PU-2020-2905-1 | 259030 | Fixed |
perl | p9 | 5.28.3-alt1 | 5.28.3-alt1 | ALT-PU-2020-3414-1 | 261964 | Fixed |
perl | c10f1 | 5.30.3-alt1 | 5.34.0-alt1 | ALT-PU-2020-2905-1 | 259030 | Fixed |
perl | c9f2 | 5.28.3-alt1 | 5.28.3-alt1 | ALT-PU-2020-3343-1 | 261994 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 |
|
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed |
|
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod |
|
https://security.netapp.com/advisory/ntap-20200611-0001/ |
|
GLSA-202006-03 |
|
openSUSE-SU-2020:0850 |
|
https://www.oracle.com/security-alerts/cpuoct2020.html |
|
https://www.oracle.com/security-alerts/cpujan2021.html |
|
https://www.oracle.com/security-alerts/cpuApr2021.html |
|
N/A |
|
https://www.oracle.com/security-alerts/cpuoct2021.html |
|
https://www.oracle.com/security-alerts/cpujan2022.html |
|
https://www.oracle.com/security-alerts/cpuapr2022.html |
|
FEDORA-2020-fd73c08076 |