CVE-2020-12723 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
perl	perl	𝑥 < 5.30.3
netapp	oncommand_workflow_automation	-
netapp	snap_creator_framework	-
opensuse	leap	15.1
oracle	communications_billing_and_revenue_management	12.0.0.2.0
oracle	communications_billing_and_revenue_management	12.0.0.3.0
oracle	communications_diameter_signaling_router	8.0.0 ≤ 𝑥 ≤ 8.5.0
oracle	communications_eagle_application_processor	16.1.0 ≤ 𝑥 ≤ 16.4.0
oracle	communications_eagle_lnp_application_processor	10.1
oracle	communications_eagle_lnp_application_processor	10.2
oracle	communications_lsms	13.1 ≤ 𝑥 ≤ 13.4
oracle	communications_offline_mediation_controller	12.0.0.3.0
oracle	communications_performance_intelligence_center	10.3.0.0.0 ≤ 𝑥 ≤ 10.3.0.2.1
oracle	communications_performance_intelligence_center	10.4.0.1.0 ≤ 𝑥 ≤ 10.4.0.3.1
oracle	configuration_manager	12.1.2.0.8
oracle	enterprise_manager_base_platform	13.4.0.0
oracle	sd-wan_edge	8.2
oracle	sd-wan_edge	9.0
oracle	sd-wan_edge	9.1
oracle	tekelec_platform_distribution	7.4.0 ≤ 𝑥 ≤ 7.7.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

perl

bullseye	5.32.1-4+deb11u3 fixed
bullseye (security)	5.32.1-4+deb11u4 fixed
bookworm	5.36.0-7+deb12u1 fixed
sid	5.40.0-6 fixed
trixie	5.40.0-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

perl

groovy	not-affected
focal	Fixed 5.30.0-9ubuntu0.2 released
eoan	ignored
bionic	Fixed 5.26.1-6ubuntu0.5 released
xenial	Fixed 5.22.1-9ubuntu0.9 released
trusty	Fixed 5.18.2-2ubuntu1.7+esm3 released

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html

https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod

https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3

https://github.com/Perl/perl5/issues/16947

https://github.com/Perl/perl5/issues/17743

https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/

https://security.gentoo.org/glsa/202006-03

https://security.netapp.com/advisory/ntap-20200611-0001/

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html

https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod

https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3

https://github.com/Perl/perl5/issues/16947

https://github.com/Perl/perl5/issues/17743

https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/

https://security.gentoo.org/glsa/202006-03

https://security.netapp.com/advisory/ntap-20200611-0001/

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html