// For flags

CVE-2020-10878

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Severity Score

8.6
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situación "PL_regkind[OP(n)] == NOTHING". Una expresión regular diseñada podría conllevar a un bytecode malformado con la posibilidad de inyección de instrucciones

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-03-23 CVE Reserved
  • 2020-06-05 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-09-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-185: Incorrect Regular Expression
  • CWE-190: Integer Overflow or Wraparound
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Perl
Search vendor "Perl"
Perl
Search vendor "Perl" for product "Perl"
< 5.30.3
Search vendor "Perl" for product "Perl" and version " < 5.30.3"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
31
Search vendor "Fedoraproject" for product "Fedora" and version "31"
-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.1
Search vendor "Opensuse" for product "Leap" and version "15.1"
-
Affected
Netapp
Search vendor "Netapp"
Oncommand Workflow Automation
Search vendor "Netapp" for product "Oncommand Workflow Automation"
--
Affected
Netapp
Search vendor "Netapp"
Snap Creator Framework
Search vendor "Netapp" for product "Snap Creator Framework"
--
Affected
Oracle
Search vendor "Oracle"
Communications Billing And Revenue Management
Search vendor "Oracle" for product "Communications Billing And Revenue Management"
12.0.0.2.0
Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Billing And Revenue Management
Search vendor "Oracle" for product "Communications Billing And Revenue Management"
12.0.0.3.0
Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Diameter Signaling Router
Search vendor "Oracle" for product "Communications Diameter Signaling Router"
>= 8.0.0 <= 8.5.0
Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Eagle Application Processor
Search vendor "Oracle" for product "Communications Eagle Application Processor"
>= 16.1.0 <= 16.4.0
Search vendor "Oracle" for product "Communications Eagle Application Processor" and version " >= 16.1.0 <= 16.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Eagle Lnp Application Processor
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"
10.1
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Eagle Lnp Application Processor
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"
10.2
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.2"
-
Affected
Oracle
Search vendor "Oracle"
Communications Eagle Lnp Application Processor
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"
46.7
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.7"
-
Affected
Oracle
Search vendor "Oracle"
Communications Eagle Lnp Application Processor
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"
46.8
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.8"
-
Affected
Oracle
Search vendor "Oracle"
Communications Eagle Lnp Application Processor
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"
46.9
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "46.9"
-
Affected
Oracle
Search vendor "Oracle"
Communications Lsms
Search vendor "Oracle" for product "Communications Lsms"
>= 13.1 <= 13.4
Search vendor "Oracle" for product "Communications Lsms" and version " >= 13.1 <= 13.4"
-
Affected
Oracle
Search vendor "Oracle"
Communications Offline Mediation Controller
Search vendor "Oracle" for product "Communications Offline Mediation Controller"
12.0.0.3.0
Search vendor "Oracle" for product "Communications Offline Mediation Controller" and version "12.0.0.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Performance Intelligence Center
Search vendor "Oracle" for product "Communications Performance Intelligence Center"
>= 10.3.0.0.0 <= 10.3.0.2.1
Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.3.0.0.0 <= 10.3.0.2.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Performance Intelligence Center
Search vendor "Oracle" for product "Communications Performance Intelligence Center"
>= 10.4.0.1.0 <= 10.4.0.3.1
Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.4.0.1.0 <= 10.4.0.3.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Pricing Design Center
Search vendor "Oracle" for product "Communications Pricing Design Center"
12.0.0.3.0
Search vendor "Oracle" for product "Communications Pricing Design Center" and version "12.0.0.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Configuration Manager
Search vendor "Oracle" for product "Configuration Manager"
12.1.2.0.8
Search vendor "Oracle" for product "Configuration Manager" and version "12.1.2.0.8"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager Base Platform
Search vendor "Oracle" for product "Enterprise Manager Base Platform"
13.4.0.0
Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Sd-wan Aware
Search vendor "Oracle" for product "Sd-wan Aware"
8.2
Search vendor "Oracle" for product "Sd-wan Aware" and version "8.2"
-
Affected
Oracle
Search vendor "Oracle"
Sd-wan Aware
Search vendor "Oracle" for product "Sd-wan Aware"
9.0
Search vendor "Oracle" for product "Sd-wan Aware" and version "9.0"
-
Affected
Oracle
Search vendor "Oracle"
Sd-wan Aware
Search vendor "Oracle" for product "Sd-wan Aware"
9.1
Search vendor "Oracle" for product "Sd-wan Aware" and version "9.1"
-
Affected
Oracle
Search vendor "Oracle"
Tekelec Platform Distribution
Search vendor "Oracle" for product "Tekelec Platform Distribution"
>= 7.4.0 <= 7.7.1
Search vendor "Oracle" for product "Tekelec Platform Distribution" and version " >= 7.4.0 <= 7.7.1"
-
Affected