CVE-2020-10543

perl: heap-based buffer overflow in regular expression compiler leads to DoS

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Perl versiones anteriores a 5.30.3 en plataformas de 32 bits permite un desbordamiento del búfer en la región heap de la memoria porque los cuantificadores de expresiones regulares anidadas presentan un desbordamiento de enteros

ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-13 CVE Reserved
2020-06-05 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write

CAPEC

References (16)

URL	Tag	Source
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod	Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed	2023-11-07
https://www.oracle.com//security-alerts/cpujul2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuApr2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuapr2022.html	2023-11-07
https://www.oracle.com/security-alerts/cpujan2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpujan2022.html	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2020.html	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2021.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE	2023-11-07
https://security.gentoo.org/glsa/202006-03	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-10543	2021-07-20
https://bugzilla.redhat.com/show_bug.cgi?id=1837975	2021-07-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Perl Search vendor "Perl"		Perl Search vendor "Perl" for product "Perl"				< 5.30.3 Search vendor "Perl" for product "Perl" and version " < 5.30.3"		x86		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management"				12.0.0.2.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.2.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				>= 8.0.0 <= 8.5.0 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.5.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Application Processor Search vendor "Oracle" for product "Communications Eagle Application Processor"				>= 16.1.0 <= 16.4.0 Search vendor "Oracle" for product "Communications Eagle Application Processor" and version " >= 16.1.0 <= 16.4.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				10.1 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				10.2 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				46.7 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.7"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				46.8 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.8"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				46.9 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.9"		-		Affected
Oracle Search vendor "Oracle"		Communications Lsms Search vendor "Oracle" for product "Communications Lsms"				>= 13.1 <= 13.4 Search vendor "Oracle" for product "Communications Lsms" and version " >= 13.1 <= 13.4"		-		Affected
Oracle Search vendor "Oracle"		Communications Offline Mediation Controller Search vendor "Oracle" for product "Communications Offline Mediation Controller"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Offline Mediation Controller" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center"				>= 10.3.0.0.0 <= 10.3.0.2.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.3.0.0.0 <= 10.3.0.2.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center"				>= 10.4.0.1.0 <= 10.4.0.3.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.4.0.1.0 <= 10.4.0.3.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Pricing Design Center Search vendor "Oracle" for product "Communications Pricing Design Center"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Pricing Design Center" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Configuration Manager Search vendor "Oracle" for product "Configuration Manager"				12.1.2.0.8 Search vendor "Oracle" for product "Configuration Manager" and version "12.1.2.0.8"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				13.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Edge Search vendor "Oracle" for product "Sd-wan Edge"				8.2 Search vendor "Oracle" for product "Sd-wan Edge" and version "8.2"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Edge Search vendor "Oracle" for product "Sd-wan Edge"				9.0 Search vendor "Oracle" for product "Sd-wan Edge" and version "9.0"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Edge Search vendor "Oracle" for product "Sd-wan Edge"				9.1 Search vendor "Oracle" for product "Sd-wan Edge" and version "9.1"		-		Affected
Oracle Search vendor "Oracle"		Tekelec Platform Distribution Search vendor "Oracle" for product "Tekelec Platform Distribution"				>= 7.4.0 <= 7.7.1 Search vendor "Oracle" for product "Tekelec Platform Distribution" and version " >= 7.4.0 <= 7.7.1"		-		Affected