CVE-2020-12723

CWE-120 — Classic Buffer Overflow CWE-20 — Improper Input Validation CWE-18511 documents8 sources

Severity

7.5HIGH

EPSS

0.2%

top 59.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Perl Oracle Communications Diameter Signaling Router Oracle Communications Eagle Application Processor +11 more

Timeline

PublishedJun 5

Latest updateOct 27

Description

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages15 packages

▶NVDperl/perl< 5.30.3

▶Debianperl< 5.30.3-1+3

▶Ubuntuperl< 5.22.1-9ubuntu0.9+3

▶NVDoracle/communications_lsms13.1 — 13.4

▶NVDoracle/tekelec_platform_distribution7.4.0 — 7.7.1

Also affects: Fedora 31

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

CVE-2020-12723: regcomp↗2020-06-05

▶

CVEList

CVE-2020-12723: regcomp↗2020-06-05

▶

OSV

CVE-2020-12723: regcomp↗2020-06-01

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2020-10-27

▶

Ubuntu

Perl vulnerabilities↗2020-10-26

▶

Apple

CVE-2020-12723: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra↗2020-07-15

▶

Red Hat

perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS↗2020-06-02

▶

Debian

CVE-2020-12723: perl - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular e...↗2020

▶

💬Community

Bugzilla

CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS [fedora-all]↗2020-06-06

▶

Bugzilla

CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS↗2020-05-20

▶