
CVE-2020-12723

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.00235 | KEV: Not Included
Published: 05/06/2020 Updated: 21/11/2024

Vulnerability Summary

regcomp.c in Perl prior to 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Vulnerable Product

perl perl

netapp oncommand workflow automation -

netapp snap creator framework -

fedoraproject fedora 31

opensuse leap 15.1

oracle communications billing and revenue management 12.0.0.2.0

oracle communications billing and revenue management 12.0.0.3.0

oracle communications diameter signaling router

oracle communications eagle application processor

oracle communications eagle lnp application processor 10.1

oracle communications eagle lnp application processor 10.2

oracle communications lsms

oracle communications offline mediation controller 12.0.0.3.0

oracle communications performance intelligence center

oracle configuration manager 12.1.2.0.8

oracle enterprise manager base platform 13.4.0.0

oracle sd-wan edge 8.2

oracle sd-wan edge 9.0

oracle sd-wan edge 9.1

oracle tekelec platform distribution

Vendor Advisories

Debian Bug report logs - #962005 perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723. Package: src:perl; Maintainer for src:perl is Niko Tyni <ntyni@debian.org>; Reported by: Dominic Hargreaves <dom@earth.li>; Date: Mon, 1 Jun 2020 21:15:02 UTC; Severity: important; Tags: security; Found in vers ...

Synopsis: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.1.3 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated ...

Synopsis: Moderate: perl security update. Type/Severity: Security Advisory: Moderate. Topic: An update for perl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Synopsis: Moderate: perl security update. Type/Severity: Security Advisory: Moderate. Topic: An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow (CVE-2020-10543). Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a poss ...

References

CWE-120
https://nvd.nist.gov
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005
https://www.first.org/epss
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
https://alas.aws.amazon.com/AL2/ALAS-2021-1610.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
https://github.com/Perl/perl5/issues/16947
https://github.com/Perl/perl5/issues/17743
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03
https://security.netapp.com/advisory/ntap-20200611-0001/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html