CVE-2020-10543

Опубликовано: 05 июн. 2020

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Mailing List
Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Third Party Advisory
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Mailing List
Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Third Party Advisory
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*

Версия до 5.30.3 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.5.0 (включая)

cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*

Версия от 16.1.0 (включая) до 16.4.0 (включая)

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*

Версия от 13.1 (включая) до 13.4 (включая)

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*

Версия от 10.3.0.0.0 (включая) до 10.3.0.2.1 (включая)

cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*

Версия от 10.4.0.1.0 (включая) до 10.4.0.3.1 (включая)

cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.7.1 (включая)

EPSS

Процентиль: 88%

0.03944

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2020-10543

CVSS3: 8.2

ubuntu

больше 5 лет назад

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario. Additionally, the target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64bit systems.]

CVE-2020-10543

CVSS3: 8.2

redhat

больше 5 лет назад

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2020-10543

CVSS3: 8.2

debian

больше 5 лет назад

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...

BDU:2020-04039

CVSS3: 8.2

fstec

больше 5 лет назад

Уязвимость интерпретатора языка программирования Perl, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

RLSA-2021:1678

rocky

больше 4 лет назад

Moderate: perl security and bug fix update

EPSS

Процентиль: 88%

0.03944

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-190