CVE-2020-12723 – perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS
https://notcve.org/view.php?id=CVE-2020-12723
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del búfer por medio de una expresión regular diseñada debido a llamadas recursivas de la función S_study_chunk • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 https://github.com/Perl/perl5/issues/16947 https://github.com/Perl/perl5/issues/17743 https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE https://security.g • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-185: Incorrect Regular Expression •
CVE-2020-10878 – perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS
https://notcve.org/view.php?id=CVE-2020-10878
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situación "PL_regkind[OP(n)] == NOTHING". Una expresión regular diseñada podría conllevar a un bytecode malformado con la posibilidad de inyección de instrucciones • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE https://security.gentoo.org/glsa/202006-03 htt • CWE-185: Incorrect Regular Expression CWE-190: Integer Overflow or Wraparound •
CVE-2020-10543 – perl: heap-based buffer overflow in regular expression compiler leads to DoS
https://notcve.org/view.php?id=CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl versiones anteriores a 5.30.3 en plataformas de 32 bits permite un desbordamiento del búfer en la región heap de la memoria porque los cuantificadores de expresiones regulares anidadas presentan un desbordamiento de enteros • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE https://security.gentoo.org/glsa/202006-03 https://security.netapp.com/advisory/ntap-20200611-0001 https://w • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-11972 – camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution
https://notcve.org/view.php?id=CVE-2020-11972
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel RabbitMQ permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/10 http://www.openwall.com/lists/oss-security/2020/05/14/8 https://camel.apache.org/security/CVE-2020-11972.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-11972 https://bugzilla.redhat.com/show_bug.cgi?id=1848464 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-11973 – camel: Netty enables Java deserialization by default which could leed to remote code execution
https://notcve.org/view.php?id=CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel Netty permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/9 https://camel.apache.org/security/CVE-2020-11973.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-11973 https://bugzilla.redhat.com/show_bug.cgi?id=1848465 • CWE-502: Deserialization of Untrusted Data •