CVE-2020-12723

Опубликовано: 05 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Mailing List
Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Patch
Third Party Advisory
https://github.com/Perl/perl5/issues/16947
Third Party Advisory
https://github.com/Perl/perl5/issues/17743
Third Party Advisory
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Mailing List
Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Patch
Third Party Advisory
https://github.com/Perl/perl5/issues/16947
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

Версия до 5.30.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.5.0 (включая)

cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*

Версия от 16.1.0 (включая) до 16.4.0 (включая)

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*

Версия от 13.1 (включая) до 13.4 (включая)

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*

Версия от 10.3.0.0.0 (включая) до 10.3.0.2.1 (включая)

cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*

Версия от 10.4.0.1.0 (включая) до 10.4.0.3.1 (включая)

cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.7.1 (включая)

EPSS

Процентиль: 41%

0.00191

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-120

Связанные уязвимости

CVE-2020-12723

CVSS3: 7.5

ubuntu

больше 5 лет назад

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.]

CVE-2020-12723

CVSS3: 7.5

redhat

больше 5 лет назад

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-12723

CVSS3: 7.5

debian

больше 5 лет назад

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...

ELSA-2021-0557

oracle-oval

почти 5 лет назад

ELSA-2021-0557: perl:5.26 security update (MODERATE)

BDU:2020-04041

CVSS3: 7.5

fstec

больше 5 лет назад

Уязвимость реализации функции S_study_chunk интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 41%

0.00191

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-120