CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVSS v3 8.2 HIGH
CVSS v2.0 6.4 MEDIUM

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	Mailing List Third Party Advisory
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod	Third Party Advisory
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3	Third Party Advisory
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
https://security.gentoo.org/glsa/202006-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200611-0001/	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:::::::*
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:::::::*
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:::::::*
	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:::::::*
	cpe:2.3:a:oracle:communications_lsms::::::::
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_performance_intelligence_center::::::::
	cpe:2.3:a:oracle:communications_performance_intelligence_center::::::::
	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:8.2:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::*
	cpe:2.3:a:oracle:tekelec_platform_distribution::::::::

History

07 Nov 2023, 03:14

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/', 'name': 'FEDORA-2020-fd73c08076', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ -

12 May 2022, 15:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:::::::* cpe:2.3:a:oracle:communications_performance_intelligence_center:::::::: cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:::::::*
First Time		Oracle communications Performance Intelligence Center
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

29 Mar 2022, 18:05

Type	Values Removed	Values Added
First Time		Oracle communications Eagle Application Processor
CPE		cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

07 Feb 2022, 16:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

03 Dec 2021, 20:52

Type	Values Removed	Values Added
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html - Mailing List, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
References	~~(N/A) https://www.oracle.com//security-alerts/cpujul2021.html -~~	(N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory
CPE		cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:::::::* cpe:2.3:a:oracle:sd-wan_edge:9.1:::::::* cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:::::::* cpe:2.3:o:opensuse:leap:15.1:::::::* cpe:2.3:a:oracle:tekelec_platform_distribution:::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::* cpe:2.3:a:oracle:communications_diameter_signaling_router:::::::: cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:::::::* cpe:2.3:a:oracle:communications_lsms:::::::: cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::* cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:::::::* cpe:2.3:a:oracle:sd-wan_edge:8.2:::::::* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:::::::* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:::::::*

20 Oct 2021, 11:15

Type	Values Removed	Values Added
CWE		CWE-190
References		(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (N/A) https://www.oracle.com//security-alerts/cpujul2021.html -

14 Jun 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

20 Jan 2021, 15:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpujan2021.html -

Information

Published : 2020-06-05 14:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-10543

Mitre link : CVE-2020-10543

CVE.ORG link : CVE-2020-10543

JSON object : View

Products Affected

oracle

communications_eagle_application_processor
communications_performance_intelligence_center
communications_lsms
configuration_manager
communications_pricing_design_center
enterprise_manager_base_platform
communications_eagle_lnp_application_processor
communications_offline_mediation_controller
tekelec_platform_distribution
communications_billing_and_revenue_management
sd-wan_edge
communications_diameter_signaling_router

fedoraproject

fedora

perl

perl

opensuse

leap

CWE

CWE-190

Integer Overflow or Wraparound

CWE-787

Out-of-bounds Write

8.2 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-10543

8.2^/10

6.4^/10

Attach tags to `CVE-2020-10543`