CVE-2020-10878

Published Jun 5, 2020

Last updated a year ago

CVSS high 8.6

Overview

Description: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4.7
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-190

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744",
            "versionEndExcluding": "5.30.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
            "versionEndIncluding": "8.5.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
            "versionEndIncluding": "16.4.0",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
            "versionEndIncluding": "13.4",
            "versionStartIncluding": "13.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D",
            "versionEndIncluding": "10.3.0.2.1",
            "versionStartIncluding": "10.3.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B",
            "versionEndIncluding": "10.4.0.3.1",
            "versionStartIncluding": "10.4.0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B003D11-398F-486C-941D-698FB5BE5BCE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D13834B9-C48B-4C72-A27B-F9A8ACB50098"
          },
          {
            "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
            "versionEndIncluding": "7.7.1",
            "versionStartIncluding": "7.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References