Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:14
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 May 2022, 15:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time |
Oracle communications Performance Intelligence Center
|
|
CPE | cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:* |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 18:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* |
|
First Time |
Oracle sd-wan Aware
Oracle communications Offline Mediation Controller Oracle communications Lsms Oracle communications Diameter Signaling Router Oracle communications Eagle Application Processor Oracle communications Pricing Design Center Oracle enterprise Manager Base Platform Oracle communications Eagle Lnp Application Processor Oracle configuration Manager Oracle tekelec Platform Distribution |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Mar 2021, 22:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | (CONFIRM) https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-06-05 14:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-10878
Mitre link : CVE-2020-10878
CVE.ORG link : CVE-2020-10878
JSON object : View
Products Affected
oracle
- communications_performance_intelligence_center
- sd-wan_aware
- communications_eagle_application_processor
- configuration_manager
- communications_diameter_signaling_router
- communications_billing_and_revenue_management
- communications_eagle_lnp_application_processor
- tekelec_platform_distribution
- communications_lsms
- communications_offline_mediation_controller
- enterprise_manager_base_platform
- communications_pricing_design_center
netapp
- oncommand_workflow_automation
- snap_creator_framework
opensuse
- leap
perl
- perl
fedoraproject
- fedora
CWE
CWE-190
Integer Overflow or Wraparound