CVE-2020-10878

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situación "PL_regkind[OP(n)] == NOTHING". Una expresión regular diseñada podría conllevar a un bytecode malformado con la posibilidad de inyección de instrucciones

ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-23 CVE Reserved
2020-06-05 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-185: Incorrect Regular Expression
CWE-190: Integer Overflow or Wraparound

CAPEC

References (17)

URL	Tag	Source
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3	2023-11-07
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8	2023-11-07
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c	2023-11-07
https://www.oracle.com//security-alerts/cpujul2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuApr2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuapr2022.html	2023-11-07
https://www.oracle.com/security-alerts/cpujan2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpujan2022.html	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2020.html	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2021.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE	2023-11-07
https://security.gentoo.org/glsa/202006-03	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-10878	2021-07-20
https://bugzilla.redhat.com/show_bug.cgi?id=1837988	2021-07-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Perl Search vendor "Perl"		Perl Search vendor "Perl" for product "Perl"				< 5.30.3 Search vendor "Perl" for product "Perl" and version " < 5.30.3"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				-		-		Affected
Netapp Search vendor "Netapp"		Snap Creator Framework Search vendor "Netapp" for product "Snap Creator Framework"				-		-		Affected
Oracle Search vendor "Oracle"		Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management"				12.0.0.2.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.2.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				>= 8.0.0 <= 8.5.0 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.5.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Application Processor Search vendor "Oracle" for product "Communications Eagle Application Processor"				>= 16.1.0 <= 16.4.0 Search vendor "Oracle" for product "Communications Eagle Application Processor" and version " >= 16.1.0 <= 16.4.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				10.1 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				10.2 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				46.7 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.7"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				46.8 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.8"		-		Affected
Oracle Search vendor "Oracle"		Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"				46.9 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.9"		-		Affected
Oracle Search vendor "Oracle"		Communications Lsms Search vendor "Oracle" for product "Communications Lsms"				>= 13.1 <= 13.4 Search vendor "Oracle" for product "Communications Lsms" and version " >= 13.1 <= 13.4"		-		Affected
Oracle Search vendor "Oracle"		Communications Offline Mediation Controller Search vendor "Oracle" for product "Communications Offline Mediation Controller"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Offline Mediation Controller" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center"				>= 10.3.0.0.0 <= 10.3.0.2.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.3.0.0.0 <= 10.3.0.2.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center"				>= 10.4.0.1.0 <= 10.4.0.3.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.4.0.1.0 <= 10.4.0.3.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Pricing Design Center Search vendor "Oracle" for product "Communications Pricing Design Center"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Pricing Design Center" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Configuration Manager Search vendor "Oracle" for product "Configuration Manager"				12.1.2.0.8 Search vendor "Oracle" for product "Configuration Manager" and version "12.1.2.0.8"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				13.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware"				8.2 Search vendor "Oracle" for product "Sd-wan Aware" and version "8.2"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware"				9.0 Search vendor "Oracle" for product "Sd-wan Aware" and version "9.0"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware"				9.1 Search vendor "Oracle" for product "Sd-wan Aware" and version "9.1"		-		Affected
Oracle Search vendor "Oracle"		Tekelec Platform Distribution Search vendor "Oracle" for product "Tekelec Platform Distribution"				>= 7.4.0 <= 7.7.1 Search vendor "Oracle" for product "Tekelec Platform Distribution" and version " >= 7.4.0 <= 7.7.1"		-		Affected