CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	Mailing List Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod	Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3	Patch Third Party Advisory
https://github.com/Perl/perl5/issues/16947	Third Party Advisory
https://github.com/Perl/perl5/issues/17743	Third Party Advisory
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:::::::*
	cpe:2.3:a:oracle:communications_lsms::::::::
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_performance_intelligence_center::::::::
	cpe:2.3:a:oracle:communications_performance_intelligence_center::::::::
	cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:8.2:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::*
	cpe:2.3:a:oracle:tekelec_platform_distribution::::::::

History

12 May 2022, 15:00

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
CPE		cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:::::::* cpe:2.3:a:oracle:communications_performance_intelligence_center:::::::: cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:::::::*

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

04 Apr 2022, 13:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::* cpe:2.3:a:oracle:communications_diameter_signaling_router:::::::: cpe:2.3:a:oracle:sd-wan_edge:8.2:::::::* cpe:2.3:a:oracle:communications_lsms:::::::: cpe:2.3:a:oracle:communications_eagle_application_processor:::::::: cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:::::::* cpe:2.3:a:oracle:tekelec_platform_distribution:::::::: cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:::::::* cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References	~~(N/A) https://www.oracle.com//security-alerts/cpujul2021.html -~~	(N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory~~	(MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory

07 Feb 2022, 16:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

20 Oct 2021, 11:15

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com//security-alerts/cpujul2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

14 Jun 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

Information

Published : 2020-06-05 15:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-12723

Mitre link : CVE-2020-12723

CVE.ORG link : CVE-2020-12723

JSON object : View

Products Affected

oracle

enterprise_manager_base_platform
communications_eagle_lnp_application_processor
communications_eagle_application_processor
tekelec_platform_distribution
sd-wan_edge
communications_billing_and_revenue_management
communications_offline_mediation_controller
configuration_manager
communications_performance_intelligence_center
communications_diameter_signaling_router
communications_lsms

perl

perl

netapp

snap_creator_framework
oncommand_workflow_automation

opensuse

leap

fedoraproject

fedora

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-12723

7.5^/10

5.0^/10

Attach tags to `CVE-2020-12723`