Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.6
CVSSv3

CVE-2020-10878

Published: 05/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Perl

Vulnerability Summary

Perl prior to 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

perl perl

fedoraproject fedora 31

opensuse leap 15.1

netapp snap creator framework -

netapp oncommand workflow automation -

oracle communications eagle lnp application processor 10.1

oracle communications eagle lnp application processor 10.2

oracle sd-wan aware 8.2

oracle enterprise manager base platform 13.4.0.0

oracle communications billing and revenue management 12.0.0.3.0

oracle communications offline mediation controller 12.0.0.3.0

oracle communications billing and revenue management 12.0.0.2.0

oracle communications diameter signaling router

oracle communications pricing design center 12.0.0.3.0

oracle tekelec platform distribution

oracle communications eagle lnp application processor 46.7

oracle communications eagle lnp application processor 46.8

oracle communications eagle lnp application processor 46.9

oracle communications lsms

oracle configuration manager 12.1.2.0.8

oracle communications eagle application processor

oracle sd-wan aware 9.1

oracle sd-wan aware 9.0

oracle communications performance intelligence center

Vendor Advisories

Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update
Synopsis Moderate: Red Hat Advanced Cluster Management 213 security and bug fix update Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 213 General Availabilityrelease images, which fix several bugs and security issues Red Hat Product Security has rated ...
Red Hat: Moderate: perl security update
Synopsis Moderate: perl security update Type/Severity Security Advisory: Moderate Topic An update for perl is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
Debian Bug report logs - #962005 perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723 Package: src:perl; Maintainer for src:perl is Niko Tyni <ntyni@debianorg>; Reported by: Dominic Hargreaves <dom@earthli> Date: Mon, 1 Jun 2020 21:15:02 UTC Severity: important Tags: security Found in vers ...
Amazon Linux 2: ALAS2-2021-1610
Perl before 5303 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow (CVE-2020-10543) Perl before 5303 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation A crafted regular expression could lead to malformed bytecode with a poss ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/dragon7-fc/misc

A playground to note something

misc A playground to note something Tool ipmitool Build How to make in Ubuntu apt-get install automake libtool apt-get install libssl-dev # yum install openssl-devel /bootstrap /configure make How to make in Windows install Cygwin (32/64) with following package gcc-core make openssl-devel diff autoconf automake m4 libtool lib

https://github.com/hisnakad/AmazonECRScanSecurityHub

This repository provides sending Amazon ECR Scan results to AWS Security Hub by ASFF Format

Sending Amazon ECR Scan result to AWS Security Hub About This project assumes sending vulnerabilities of Amazon ECR Scanning to AWS Security Hub via ASFF format Currently, Amazon ECR provides scanning vulnerabilities, but ECR Scan result cannot support sending to AWS Security Hub This project provides Lambda Python code to import scan data of Amazon ECR and send AWS Sec

https://github.com/hisashin0728/AmazonECRScanSecurityHub

This repository provides sending Amazon ECR Scan results to AWS Security Hub by ASFF Format

Sending Amazon ECR Scan result to AWS Security Hub About This project assumes sending vulnerabilities of Amazon ECR Scanning to AWS Security Hub via ASFF format Currently, Amazon ECR provides scanning vulnerabilities, but ECR Scan result cannot support sending to AWS Security Hub This project provides Lambda Python code to import scan data of Amazon ECR and send AWS Sec

https://github.com/snigdhasambitak/cks

Practice questions for Certified Kubernetes Security Specialist (CKS) exam

CKS Simulator Kubernetes 125 Pre Setup Question 1 | Contexts Question 2 | Runtime Security with Falco Question 3 | Apiserver Security Question 4 | Pod Security Standard Question 5 | CIS Benchmark Question 6 | Verify Platform Binaries Question 7 | Open Policy Agent Question 8 | Secure Kubernetes Dashboard Question 9 | AppArmor Profile Question 10 | Container Runtime Sandbox gV

https://github.com/pbavinck/CICD_CloudBuild_01

2 Google Cloud Build demos using Cloud Run, Cloud Run on Anthos, Vulnarability Scanning and Binary Authorization.

Introduction This repository takes you through 2 demos: Simple Cloud Build pipeline to deploy to managed Google Cloud Run More advanced pipeline (testing, vulnarability scanning, Binary Authorization) to deploy to Cloud Run on Anthos / GKE Please note that the content of this repository is not an officially supported Google product It does however use officially supported Go

https://github.com/hstiwana/cks

cks1.28

CKS Simulator Kubernetes 128 killersh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment You could set these: alias k=kubectl # will already be pre-configured export do="--dry-run=client -o yaml" # k create deploy nginx --image=nginx $do export now="--force

References

CWE-190https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3chttps://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podhttps://security.netapp.com/advisory/ntap-20200611-0001/https://security.gentoo.org/glsa/202006-03http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/https://access.redhat.com/errata/RHSA-2021:0607https://nvd.nist.govhttps://github.com/dragon7-fc/mischttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10https://alas.aws.amazon.com/AL2/ALAS-2021-1610.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook