CVE-2020-10878
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS
Severity Score
8.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situación "PL_regkind[OP(n)] == NOTHING". Una expresión regular diseñada podría conllevar a un bytecode malformado con la posibilidad de inyección de instrucciones
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-23 CVE Reserved
- 2020-06-05 CVE Published
- 2024-04-26 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-185: Incorrect Regular Expression
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20200611-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | < 5.30.3 Search vendor "Perl" for product "Perl" and version " < 5.30.3" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snap Creator Framework Search vendor "Netapp" for product "Snap Creator Framework" | - | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 12.0.0.2.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 12.0.0.3.0 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router" | >= 8.0.0 <= 8.5.0 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.5.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Eagle Application Processor Search vendor "Oracle" for product "Communications Eagle Application Processor" | >= 16.1.0 <= 16.4.0 Search vendor "Oracle" for product "Communications Eagle Application Processor" and version " >= 16.1.0 <= 16.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" | 10.1 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" | 10.2 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" | 46.7 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" | 46.8 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Eagle Lnp Application Processor Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" | 46.9 Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.9" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Lsms Search vendor "Oracle" for product "Communications Lsms" | >= 13.1 <= 13.4 Search vendor "Oracle" for product "Communications Lsms" and version " >= 13.1 <= 13.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Offline Mediation Controller Search vendor "Oracle" for product "Communications Offline Mediation Controller" | 12.0.0.3.0 Search vendor "Oracle" for product "Communications Offline Mediation Controller" and version "12.0.0.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center" | >= 10.3.0.0.0 <= 10.3.0.2.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.3.0.0.0 <= 10.3.0.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center" | >= 10.4.0.1.0 <= 10.4.0.3.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.4.0.1.0 <= 10.4.0.3.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Pricing Design Center Search vendor "Oracle" for product "Communications Pricing Design Center" | 12.0.0.3.0 Search vendor "Oracle" for product "Communications Pricing Design Center" and version "12.0.0.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Configuration Manager Search vendor "Oracle" for product "Configuration Manager" | 12.1.2.0.8 Search vendor "Oracle" for product "Configuration Manager" and version "12.1.2.0.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware" | 8.2 Search vendor "Oracle" for product "Sd-wan Aware" and version "8.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware" | 9.0 Search vendor "Oracle" for product "Sd-wan Aware" and version "9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware" | 9.1 Search vendor "Oracle" for product "Sd-wan Aware" and version "9.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Tekelec Platform Distribution Search vendor "Oracle" for product "Tekelec Platform Distribution" | >= 7.4.0 <= 7.7.1 Search vendor "Oracle" for product "Tekelec Platform Distribution" and version " >= 7.4.0 <= 7.7.1" | - |
Affected
| ||||||