CVE-2020-10543

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-06-2020 04:15

Last modified: - 12-05-2022 05:00

Total changes: - 12

Description

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

Low

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

8.2

Base score

3.9

4.2

Exploitability score

Impact score

Verification logic

vendor=perl AND product=perl AND target_hardware=x86 AND versionEndExcluding=5.30.3

vendor=fedoraproject AND product=fedora AND version=31

vendor=opensuse AND product=leap AND version=15.1

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=10.1

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=10.2

vendor=oracle AND product=sd-wan_edge AND version=9.0

vendor=oracle AND product=sd-wan_edge AND version=8.2

vendor=oracle AND product=enterprise_manager_base_platform AND version=13.4.0.0

vendor=oracle AND product=communications_billing_and_revenue_management AND version=12.0.0.3.0

vendor=oracle AND product=communications_offline_mediation_controller AND version=12.0.0.3.0

vendor=oracle AND product=communications_billing_and_revenue_management AND version=12.0.0.2.0

vendor=oracle AND product=communications_diameter_signaling_router AND versionEndIncluding=8.5.0 AND versionStartIncluding=8.0.0

vendor=oracle AND product=communications_pricing_design_center AND version=12.0.0.3.0

vendor=oracle AND product=communications_eagle_application_processor AND versionEndIncluding=16.4.0 AND versionStartIncluding=16.1.0

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=46.7

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=46.8

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=46.9

vendor=oracle AND product=communications_lsms AND versionEndIncluding=13.4 AND versionStartIncluding=13.1

vendor=oracle AND product=communications_performance_intelligence_center AND versionEndIncluding=10.3.0.2.1 AND versionStartIncluding=10.3.0.0.0

vendor=oracle AND product=communications_performance_intelligence_center AND versionEndIncluding=10.4.0.3.1 AND versionStartIncluding=10.4.0.1.0

vendor=oracle AND product=configuration_manager AND version=12.1.2.0.8

vendor=oracle AND product=sd-wan_edge AND version=9.1

vendor=oracle AND product=tekelec_platform_distribution AND versionEndIncluding=7.7.1 AND versionStartIncluding=7.4.0

Reference

https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
https://security.netapp.com/advisory/ntap-20200611-0001/
GLSA-202006-03-Third Party Advisory
FEDORA-2020-fd73c08076-Mailing List, Third Party Advisory
openSUSE-SU-2020:0850-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
N/A-Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2020-10543

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-10543

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures