CVE-2020-12723

Published Jun 5, 2020

Last updated a year ago

CVSS high 7.5

Overview

Description: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744",
            "versionEndExcluding": "5.30.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
            "versionEndIncluding": "8.5.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
            "versionEndIncluding": "16.4.0",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
            "versionEndIncluding": "13.4",
            "versionStartIncluding": "13.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D",
            "versionEndIncluding": "10.3.0.2.1",
            "versionStartIncluding": "10.3.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B",
            "versionEndIncluding": "10.4.0.3.1",
            "versionStartIncluding": "10.4.0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
            "versionEndIncluding": "7.7.1",
            "versionStartIncluding": "7.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References