CVE-2020-12723

EPSS 0.18%
Published 05.06.2020 15:15:10
Last modified 21.11.2024 05:00:08
Source cve@mitre.org
Teams watchlist Login
Open Login

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Affected products Warnungen 0 Metrics 3 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Perl ≫ Perl Version < 5.30.3

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Snap Creator Framework Version-

Fedoraproject ≫ Fedora Version31

Opensuse ≫ Leap Version15.1

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.2.0

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.3.0

Oracle ≫ Communications Diameter Signaling Router Version >= 8.0.0 <= 8.5.0

Oracle ≫ Communications Eagle Application Processor Version >= 16.1.0 <= 16.4.0

Oracle ≫ Communications Eagle Lnp Application Processor Version10.1

Oracle ≫ Communications Eagle Lnp Application Processor Version10.2

Oracle ≫ Communications Lsms Version >= 13.1 <= 13.4

Oracle ≫ Communications Offline Mediation Controller Version12.0.0.3.0

Oracle ≫ Communications Performance Intelligence Center Version >= 10.3.0.0.0 <= 10.3.0.2.1

Oracle ≫ Communications Performance Intelligence Center Version >= 10.4.0.1.0 <= 10.4.0.3.1

Oracle ≫ Configuration Manager Version12.1.2.0.8

Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0

Oracle ≫ Sd-wan Edge Version8.2

Oracle ≫ Sd-wan Edge Version9.0

Oracle ≫ Sd-wan Edge Version9.1

Oracle ≫ Tekelec Platform Distribution Version >= 7.4.0 <= 7.7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.403

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.oracle.com/security-alerts/cpujan2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html

Third Party Advisory

Mailing List

https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod

Third Party Advisory

https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/

https://security.gentoo.org/glsa/202006-03

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200611-0001/

Third Party Advisory

https://github.com/Perl/perl5/issues/16947

Third Party Advisory

https://github.com/Perl/perl5/issues/17743

Third Party Advisory

https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12723

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12723

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12723

EUVD