Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 04:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html - Mailing List, Third Party Advisory | |
References | () https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod - Third Party Advisory | |
References | () https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 - Patch, Third Party Advisory | |
References | () https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 - Patch, Third Party Advisory | |
References | () https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c - Patch, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ - | |
References | () https://security.gentoo.org/glsa/202006-03 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20200611-0001/ - Third Party Advisory | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
12 May 2022, 15:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 18:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-06-05 14:15
Updated : 2024-11-21 04:56
NVD link : CVE-2020-10878
Mitre link : CVE-2020-10878
CVE.ORG link : CVE-2020-10878
JSON object : View
Products Affected
fedoraproject
- fedora
oracle
- communications_lsms
- communications_pricing_design_center
- communications_diameter_signaling_router
- sd-wan_aware
- communications_eagle_lnp_application_processor
- communications_eagle_application_processor
- configuration_manager
- communications_performance_intelligence_center
- enterprise_manager_base_platform
- communications_offline_mediation_controller
- communications_billing_and_revenue_management
- tekelec_platform_distribution
perl
- perl
opensuse
- leap
netapp
- oncommand_workflow_automation
- snap_creator_framework
CWE
CWE-190
Integer Overflow or Wraparound