CVE-2020-10878

Severity
8.6 HIGH
EPSS
0.1%
top 71.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 5
Latest update: Oct 15

Description

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 3.9 | Impact: 4.7

Affected Packages: 16 packages

NVD: perl/perl < 5.30.3
Debian: perl < 5.30.3-1+3
Ubuntu: perl < 5.22.1-9ubuntu0.9+3
NVD: oracle/communications_lsms 13.1 - 13.4

Also affects: Fedora 31

Patches

🔴Vulnerability Details

4
OSV
perl vulnerabilities (2020-10-26)
CVEList
CVE-2020-10878: Perl before 5 (2020-06-05)
OSV
CVE-2020-10878: Perl before 5 (2020-06-05)
OSV
CVE-2020-10878: Perl before 5 (2020-06-01)

📋Vendor Advisories

12
Oracle
Oracle Oracle Communications Risk Matrix: Platform (PERL) — CVE-2020-10878 (2022-10-15)
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Perl) — CVE-2020-10878 (2022-04-15)
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Perl) — CVE-2020-10878 (2022-01-15)
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Perl) — CVE-2020-10878 (2021-10-15)
Oracle
Oracle Oracle Communications Applications Risk Matrix: UDC CORE (Perl) — CVE-2020-10878 (2021-07-15)

💬Community

2
Bugzilla
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS [fedora-all] (2020-06-06)
Bugzilla
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (2020-05-20)