Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 04:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html - Mailing List, Third Party Advisory | |
References | () https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod - Third Party Advisory | |
References | () https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 - Patch, Third Party Advisory | |
References | () https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 - Patch, Third Party Advisory | |
References | () https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c - Patch, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ - | |
References | () https://security.gentoo.org/glsa/202006-03 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20200611-0001/ - Third Party Advisory | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
07 Nov 2023, 03:14
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-06-05 14:15
Updated : 2024-11-21 04:56
NVD link : CVE-2020-10878
Mitre link : CVE-2020-10878
CVE.ORG link : CVE-2020-10878
JSON object : View
Products Affected
oracle
- sd-wan_aware
- tekelec_platform_distribution
- communications_lsms
- communications_offline_mediation_controller
- communications_diameter_signaling_router
- enterprise_manager_base_platform
- communications_pricing_design_center
- communications_performance_intelligence_center
- configuration_manager
- communications_eagle_application_processor
- communications_eagle_lnp_application_processor
- communications_billing_and_revenue_management
opensuse
- leap
perl
- perl
fedoraproject
- fedora
netapp
- oncommand_workflow_automation
- snap_creator_framework
CWE
CWE-190
Integer Overflow or Wraparound