CVE-2020-12723 - Vulncode-DB

CVE-2020-12723 (NVD)

2020-06-05

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Products	Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl
Type	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
First patch	- None (likely due to unavailable code)
Patches	• https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 • https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
Links	• https://github.com/Perl/perl5/issues/17743 • https://security.gentoo.org/glsa/202006-03 • https://github.com/Perl/perl5/issues/16947 • https://www.oracle.com/security-alerts/cpuoct2020.html • https://www.oracle.com/security-alerts/cpujan2021.html More/Less (9) • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ • https://www.oracle.com/security-alerts/cpuapr2022.html • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html • https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod • https://www.oracle.com/security-alerts/cpuoct2021.html • https://security.netapp.com/advisory/ntap-20200611-0001/ • https://www.oracle.com/security-alerts/cpujan2022.html • https://www.oracle.com//security-alerts/cpujul2021.html • https://www.oracle.com/security-alerts/cpuApr2021.html