CVE-2020-12723

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-06-2020 05:15

Last modified: - 12-05-2022 05:00

Total changes: - 11

Description

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=perl AND product=perl AND versionEndExcluding=5.30.3

vendor=netapp AND product=snap_creator_framework AND version=-

vendor=netapp AND product=oncommand_workflow_automation AND version=-

vendor=fedoraproject AND product=fedora AND version=31

vendor=opensuse AND product=leap AND version=15.1

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=10.1

vendor=oracle AND product=communications_eagle_lnp_application_processor AND version=10.2

vendor=oracle AND product=sd-wan_edge AND version=9.0

vendor=oracle AND product=sd-wan_edge AND version=8.2

vendor=oracle AND product=enterprise_manager_base_platform AND version=13.4.0.0

vendor=oracle AND product=communications_billing_and_revenue_management AND version=12.0.0.3.0

vendor=oracle AND product=communications_offline_mediation_controller AND version=12.0.0.3.0

vendor=oracle AND product=communications_billing_and_revenue_management AND version=12.0.0.2.0

vendor=oracle AND product=communications_diameter_signaling_router AND versionEndIncluding=8.5.0 AND versionStartIncluding=8.0.0

vendor=oracle AND product=tekelec_platform_distribution AND versionEndIncluding=7.7.1 AND versionStartIncluding=7.4.0

vendor=oracle AND product=communications_eagle_application_processor AND versionEndIncluding=16.4.0 AND versionStartIncluding=16.1.0

vendor=oracle AND product=communications_lsms AND versionEndIncluding=13.4 AND versionStartIncluding=13.1

vendor=oracle AND product=communications_performance_intelligence_center AND versionEndIncluding=10.3.0.2.1 AND versionStartIncluding=10.3.0.0.0

vendor=oracle AND product=communications_performance_intelligence_center AND versionEndIncluding=10.4.0.3.1 AND versionStartIncluding=10.4.0.1.0

vendor=oracle AND product=configuration_manager AND version=12.1.2.0.8

vendor=oracle AND product=sd-wan_edge AND version=9.1

Reference

https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
https://github.com/Perl/perl5/issues/16947
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
https://github.com/Perl/perl5/issues/17743
https://security.netapp.com/advisory/ntap-20200611-0001/
GLSA-202006-03-Third Party Advisory
FEDORA-2020-fd73c08076-Mailing List, Third Party Advisory
openSUSE-SU-2020:0850-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
N/A-Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2020-12723

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-12723

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures