CVE-2020-10878

Опубликовано: 05 июн. 2020

Источник: nvd

CVSS3: 8.6

CVSS2: 7.5

EPSS Низкий

Описание

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Mailing List
Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Patch
Third Party Advisory
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
Patch
Third Party Advisory
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Mailing List
Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Patch
Third Party Advisory
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
Patch
Third Party Advisory
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

Версия до 5.30.3 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.5.0 (включая)

cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*

Версия от 16.1.0 (включая) до 16.4.0 (включая)

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*

Версия от 13.1 (включая) до 13.4 (включая)

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*

Версия от 10.3.0.0.0 (включая) до 10.3.0.2.1 (включая)

cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*

Версия от 10.4.0.1.0 (включая) до 10.4.0.3.1 (включая)

cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.7.1 (включая)

EPSS

Процентиль: 30%

0.00107

Низкий

8.6 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2020-10878

CVSS3: 8.6

ubuntu

больше 5 лет назад

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.]

CVE-2020-10878

CVSS3: 8.6

redhat

больше 5 лет назад

CVE-2020-10878

CVSS3: 8.6

debian

больше 5 лет назад

Perl before 5.30.3 has an integer overflow related to mishandling of a ...

BDU:2020-04040

CVSS3: 8.6

fstec

больше 5 лет назад

Уязвимость параметра PL_regkind[OP(n)] == NOTHING интерпретатора языка программирования Perl, позволяющая нарушителю выполнить произвольный код

RLSA-2021:1678

rocky

больше 4 лет назад

Moderate: perl security and bug fix update

EPSS

Процентиль: 30%

0.00107

Низкий

8.6 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190