Vulnerability Details CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
- https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
- https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
- https://security.gentoo.org/glsa/202006-03
- https://security.netapp.com/advisory/ntap-20200611-0001/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
- https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
- https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
- https://security.gentoo.org/glsa/202006-03
- https://security.netapp.com/advisory/ntap-20200611-0001/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Products affected by CVE-2020-10543
-
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0
-
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5
-
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0
-
cpe:2.3:a:oracle:communications_eagle_application_processor:16.1.0
-
cpe:2.3:a:oracle:communications_eagle_application_processor:16.2.0
-
cpe:2.3:a:oracle:communications_eagle_application_processor:16.4.0
-
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1
-
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2
-
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7
-
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8
-
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9
-
cpe:2.3:a:oracle:communications_lsms:13.1
-
cpe:2.3:a:oracle:communications_lsms:13.2
-
cpe:2.3:a:oracle:communications_lsms:13.3
-
cpe:2.3:a:oracle:communications_lsms:13.4
-
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0
-
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.3.0.0.0
-
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.3.0.2.1
-
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.1.0
-
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2
-
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3
-
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3.1
-
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0
-
cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8
-
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0
-
cpe:2.3:a:oracle:sd-wan_edge:8.2
-
cpe:2.3:a:oracle:sd-wan_edge:9.0
-
cpe:2.3:a:oracle:sd-wan_edge:9.1
-
cpe:2.3:a:oracle:tekelec_platform_distribution:7.4.0
-
cpe:2.3:a:oracle:tekelec_platform_distribution:7.7.1
-
cpe:2.3:a:perl:perl:*
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:opensuse:leap:15.1