Severity: 8.2 HIGH
EPSS: 4.3% (top 11.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 5; Latest update Oct 15

Description

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Exploitability: 3.9 | Impact: 4.2

Affected Packages (16 packages)

NVD: perl/perl < 5.30.3
Debian: perl < 5.30.3-1+3
Ubuntu: perl < 5.22.1-9ubuntu0.9+3
NVD: oracle/communications_lsms 13.1 13.4

Also affects: Fedora 31

Vulnerability Details (5)

OSV: perl vulnerabilities (2020-10-27)
OSV: perl vulnerabilities (2020-10-26)
OSV: CVE-2020-10543: Perl before 5 (2020-06-05)
CVEList: CVE-2020-10543: Perl before 5 (2020-06-05)
OSV: CVE-2020-10543: Perl before 5 (2020-06-01)

Vendor Advisories (6)

Oracle: Oracle Oracle Communications Risk Matrix: Realtime db (Perl) — CVE-2020-10543 (2021-10-15)
Oracle: Oracle Oracle Communications Risk Matrix: Publications (Perl) — CVE-2020-10543 (2021-07-15)
Ubuntu: Perl vulnerabilities (2020-10-27)
Ubuntu: Perl vulnerabilities (2020-10-26)
Red Hat: perl: heap-based buffer overflow in regular expression compiler leads to DoS (2020-06-02)

Community (3)

HackerOne: [CVE-2020-10543] Buffer overflow caused by a crafted regular expression (2020-11-09)
Bugzilla: CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS [fedora-all] (2020-06-06)
Bugzilla: CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS (2020-05-20)