CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
perlperl
𝑥
< 5.30.3
opensuseleap
15.1
netapponcommand_workflow_automation
-
netappsnap_creator_framework
-
oraclecommunications_billing_and_revenue_management
12.0.0.2.0
oraclecommunications_billing_and_revenue_management
12.0.0.3.0
oraclecommunications_diameter_signaling_router
8.0.0 ≤
𝑥
≤ 8.5.0
oraclecommunications_eagle_application_processor
16.1.0 ≤
𝑥
≤ 16.4.0
oraclecommunications_eagle_lnp_application_processor
10.1
oraclecommunications_eagle_lnp_application_processor
10.2
oraclecommunications_eagle_lnp_application_processor
46.7
oraclecommunications_eagle_lnp_application_processor
46.8
oraclecommunications_eagle_lnp_application_processor
46.9
oraclecommunications_lsms
13.1 ≤
𝑥
≤ 13.4
oraclecommunications_offline_mediation_controller
12.0.0.3.0
oraclecommunications_performance_intelligence_center
10.3.0.0.0 ≤
𝑥
≤ 10.3.0.2.1
oraclecommunications_performance_intelligence_center
10.4.0.1.0 ≤
𝑥
≤ 10.4.0.3.1
oraclecommunications_pricing_design_center
12.0.0.3.0
oracleconfiguration_manager
12.1.2.0.8
oracleenterprise_manager_base_platform
13.4.0.0
oraclesd-wan_aware
8.2
oraclesd-wan_aware
9.0
oraclesd-wan_aware
9.1
oracletekelec_platform_distribution
7.4.0 ≤
𝑥
≤ 7.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
perl
bullseye
5.32.1-4+deb11u3
fixed
bullseye (security)
5.32.1-4+deb11u4
fixed
bookworm
5.36.0-7+deb12u1
fixed
sid
5.40.0-6
fixed
trixie
5.40.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
perl
groovy
not-affected
focal
Fixed 5.30.0-9ubuntu0.2
released
eoan
ignored
bionic
Fixed 5.26.1-6ubuntu0.5
released
xenial
Fixed 5.22.1-9ubuntu0.9
released
trusty
Fixed 5.18.2-2ubuntu1.7+esm3
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
https://security.netapp.com/advisory/ntap-20200611-0001/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
https://security.netapp.com/advisory/ntap-20200611-0001/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html