cbcvebase.
CVE-2020-10878
published 2020-06-05

CVE-2020-10878: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to…

high8.6CVSS 3.1
AVNACLPRNUINSUCLILAH
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
applemacos_catalina_10.15.6_security_update_2020-004_mojave_security_update_2020-004
debianperl< perl 5.30.3-1 (bookworm)perl 5.30.3-1 (bookworm)
fedoraprojectfedora
opensuseleap
oraclecommunications_billing_and_revenue_management
oraclecommunications_billing_and_revenue_management
oraclecommunications_diameter_signaling_router8.0.0 – 8.5.0
oraclecommunications_eagle_application_processor16.1.0 – 16.4.0
oraclecommunications_eagle_lnp_application_processor
oraclecommunications_eagle_lnp_application_processor
oraclecommunications_eagle_lnp_application_processor
oraclecommunications_eagle_lnp_application_processor
oraclecommunications_eagle_lnp_application_processor
oraclecommunications_lsms13.1 – 13.4
oraclecommunications_offline_mediation_controller
oraclecommunications_performance_intelligence_center10.3.0.0.0 – 10.3.0.2.1
oraclecommunications_performance_intelligence_center10.4.0.1.0 – 10.4.0.3.1
oraclecommunications_pricing_design_center
oracleconfiguration_manager
oracleenterprise_manager_base_platform
oraclesd-wan_aware
oraclesd-wan_aware
oraclesd-wan_aware
oracletekelec_platform_distribution7.4.0 – 7.7.1
perlperl< 5.30.35.30.3

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
osv8.6HIGH