system/perl: multiple vulnerabilities
Bugzilla ID | 296 |
Alias(es) | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-06-06 02:06:56 -0500 |
Modified | 2020-06-22 06:07:05 -0500 |
Status | UNCONFIRMED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | system/perl |
Description
CVE-2020-10878: https://nvd.nist.gov/vuln/detail/CVE-2020-10878
Perl before 5.30.3 has an integer overflow related to mishandling of a
"PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression
could lead to malformed bytecode with a possibility of instruction
injection.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
CVE-2020-10543: https://nvd.nist.gov/vuln/detail/CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer
overflow because nested regular expression quantifiers have an integer
overflow.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
CVE-2020-12723: https://nvd.nist.gov/vuln/detail/CVE-2020-12723
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted
regular expression because of recursive S_study_chunk calls.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a