ID

VAR-202006-1806


CVE

CVE-2020-12723


TITLE

Perl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202006-146

DESCRIPTION

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202006-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Perl: Multiple vulnerabilities Date: June 12, 2020 Bugs: #723792 ID: 202006-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Perl, the worst of which could result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/perl < 5.30.3 >= 5.30.3 Description =========== Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.30.3" References ========== [ 1 ] CVE-2020-10543 https://nvd.nist.gov/vuln/detail/CVE-2020-10543 [ 2 ] CVE-2020-10878 https://nvd.nist.gov/vuln/detail/CVE-2020-10878 [ 3 ] CVE-2020-12723 https://nvd.nist.gov/vuln/detail/CVE-2020-12723 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202006-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of Django to address CVE-2021-3281. * Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7. * Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions. * Fixed several issues related to how Tower rotates its log files. * Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales. * Fixed a bug which can cause unanticipated delays in certain playbook output. * Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data. * Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected. * Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified. * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:1266-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1266 Issue date: 2021-04-20 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ===================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: perl-5.16.3-292.el7_4.2.src.rpm noarch: perl-CPAN-1.9800-292.el7_4.2.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm x86_64: perl-5.16.3-292.el7_4.2.x86_64.rpm perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm perl-core-5.16.3-292.el7_4.2.x86_64.rpm perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-devel-5.16.3-292.el7_4.2.i686.rpm perl-devel-5.16.3-292.el7_4.2.x86_64.rpm perl-libs-5.16.3-292.el7_4.2.i686.rpm perl-libs-5.16.3-292.el7_4.2.x86_64.rpm perl-macros-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: perl-5.16.3-292.el7_4.2.src.rpm noarch: perl-CPAN-1.9800-292.el7_4.2.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm ppc64le: perl-5.16.3-292.el7_4.2.ppc64le.rpm perl-Time-Piece-1.20.1-292.el7_4.2.ppc64le.rpm perl-core-5.16.3-292.el7_4.2.ppc64le.rpm perl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm perl-devel-5.16.3-292.el7_4.2.ppc64le.rpm perl-libs-5.16.3-292.el7_4.2.ppc64le.rpm perl-macros-5.16.3-292.el7_4.2.ppc64le.rpm x86_64: perl-5.16.3-292.el7_4.2.x86_64.rpm perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm perl-core-5.16.3-292.el7_4.2.x86_64.rpm perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-devel-5.16.3-292.el7_4.2.i686.rpm perl-devel-5.16.3-292.el7_4.2.x86_64.rpm perl-libs-5.16.3-292.el7_4.2.i686.rpm perl-libs-5.16.3-292.el7_4.2.x86_64.rpm perl-macros-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: perl-5.16.3-292.el7_4.2.src.rpm noarch: perl-CPAN-1.9800-292.el7_4.2.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm x86_64: perl-5.16.3-292.el7_4.2.x86_64.rpm perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm perl-core-5.16.3-292.el7_4.2.x86_64.rpm perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-devel-5.16.3-292.el7_4.2.i686.rpm perl-devel-5.16.3-292.el7_4.2.x86_64.rpm perl-libs-5.16.3-292.el7_4.2.i686.rpm perl-libs-5.16.3-292.el7_4.2.x86_64.rpm perl-macros-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-tests-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: perl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm perl-tests-5.16.3-292.el7_4.2.ppc64le.rpm x86_64: perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-tests-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-tests-5.16.3-292.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH7PTtzjgjWX9erEAQg5Rg//XzoyzGoFRn5v3JT/1ZxNTBxZ+2SbVWnf MVMm5qt1Lkk8s/0DQnvJPKQaHc5yISwGIZChNZe4FxaxSfsn7nvH88d38Xpwht8q QsmKGPEyYmb9qvMbCpjFV6+T1ggaMvfikeFTCe49Kx3H/dDMKPXYvZqL9VtjbKKc Bf0G2fJkhCaEFeFksHZShu2tofoVaHeN/RkwoQrK2HWqb8emlEY5aTtdx3znzSwV Vg3l3sGJ4eDKLz8sWvUJtkkljM/uTM0klbbseyl6duBdFzzSegnn6dMcWLsntADr PgmyL5WMI7lLfJoBwK0m7D45HfCaVMVMp9dQdr5RE+IO+DXUQf9plEhKCIuPBiii aMugog1BamqQUHSYBwyhUOGjyT51SJHg+uVbvYzrQRM8v9YFDgYyliCiqJQmlik7 kq6Jmytn3AkrGQWCJy5TALvNnM59TDTM9IiBNHZ2iA3g59U2a6KZvYFgyT6JZ7rJ FEdgxtMdCLGXIS/aAeq9kiU+Jg4a3RN8gPhGiE39WACtvQ8QWs3GrYDVxlSF6eXg rzXOA6UYyTICfhT4JKb54bkH1MzR7hRaMX0UqnAF4gsPgduEmMdwSpB+5e1q/XIr tRH/FrGPdB/aTo19Pk6u3SQxgpYXQf+SpFiSpxvwsVaSNKGgm3eh3soNuXCCKfpf qTMMs3KSLLM= =1/yn -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3

Trust: 1.71

sources: NVD: CVE-2020-12723 // VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // PACKETSTORM: 162915 // PACKETSTORM: 158058 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 162245 // PACKETSTORM: 161437

AFFECTED PRODUCTS

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

vendor:oraclemodel:communications offline mediation controllerscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:gteversion:10.4.0.1.0

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:lteversion:16.4.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.1

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:lteversion:10.4.0.3.1

Trust: 1.0

vendor:oraclemodel:tekelec platform distributionscope:gteversion:7.4.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:perlmodel:perlscope:ltversion:5.30.3

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:gteversion:10.3.0.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:lteversion:10.3.0.2.1

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:tekelec platform distributionscope:lteversion:7.7.1

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:8.2

Trust: 1.0

vendor:oraclemodel:configuration managerscope:eqversion:12.1.2.0.8

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.2.0

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:gteversion:16.1.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-12723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12723
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202006-146
value: HIGH

Trust: 0.6

VULHUB: VHN-165430
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12723
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12723
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-165430
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12723
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // CNNVD: CNNVD-202006-146 // NVD: CVE-2020-12723

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.1

sources: VULHUB: VHN-165430 // NVD: CVE-2020-12723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-146

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-146

PATCH

title:Perl Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120689

Trust: 0.6

title:Red Hat: Moderate: perl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210557 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: perl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210343 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=babe2a0596ddd17a5ad75cd3c30c45ff

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1610url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1610

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210607 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=08f19f0be4d5dcf7486e5abcdb671477

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:visualGambasDeltaurl:https://github.com/D5n9sMatrix/visualGambasDelta

Trust: 0.1

title:perl5283deltaurl:https://github.com/D5n9sMatrix/perl5283delta

Trust: 0.1

title:editorGambasDeltaurl:https://github.com/D5n9sMatrix/editorGambasDelta

Trust: 0.1

title:EditorGambasDeltaurl:https://github.com/D5n9sMatrix/EditorGambasDelta

Trust: 0.1

title:litecoin-automationurl:https://github.com/gzukel/litecoin-automation

Trust: 0.1

title: - url:https://github.com/D5n9sMatrix/perltoc

Trust: 0.1

title:snykouturl:https://github.com/garethr/snykout

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-12723 // CNNVD: CNNVD-202006-146

EXTERNAL IDS

db:NVDid:CVE-2020-12723

Trust: 2.5

db:PACKETSTORMid:162915

Trust: 0.8

db:PACKETSTORMid:161728

Trust: 0.8

db:PACKETSTORMid:162130

Trust: 0.8

db:PACKETSTORMid:162245

Trust: 0.8

db:PACKETSTORMid:159726

Trust: 0.7

db:PACKETSTORMid:162021

Trust: 0.7

db:PACKETSTORMid:159707

Trust: 0.7

db:PACKETSTORMid:161255

Trust: 0.7

db:PACKETSTORMid:161656

Trust: 0.7

db:PACKETSTORMid:161843

Trust: 0.7

db:CNNVDid:CNNVD-202006-146

Trust: 0.7

db:PACKETSTORMid:158058

Trust: 0.7

db:CS-HELPid:SB2021042131

Trust: 0.6

db:CS-HELPid:SB2021060316

Trust: 0.6

db:AUSCERTid:ESB-2021.1338

Trust: 0.6

db:AUSCERTid:ESB-2021.0791

Trust: 0.6

db:AUSCERTid:ESB-2021.2604

Trust: 0.6

db:AUSCERTid:ESB-2021.2781

Trust: 0.6

db:AUSCERTid:ESB-2021.0925

Trust: 0.6

db:AUSCERTid:ESB-2021.0371

Trust: 0.6

db:AUSCERTid:ESB-2021.1096

Trust: 0.6

db:AUSCERTid:ESB-2021.0845

Trust: 0.6

db:AUSCERTid:ESB-2021.1893

Trust: 0.6

db:AUSCERTid:ESB-2021.1193

Trust: 0.6

db:AUSCERTid:ESB-2021.0572

Trust: 0.6

db:PACKETSTORMid:161437

Trust: 0.2

db:PACKETSTORMid:161727

Trust: 0.2

db:PACKETSTORMid:161726

Trust: 0.1

db:CNVDid:CNVD-2020-37943

Trust: 0.1

db:VULHUBid:VHN-165430

Trust: 0.1

db:VULMONid:CVE-2020-12723

Trust: 0.1

sources: VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // PACKETSTORM: 162915 // PACKETSTORM: 158058 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // CNNVD: CNNVD-202006-146 // NVD: CVE-2020-12723

REFERENCES

url:https://security.gentoo.org/glsa/202006-03

Trust: 1.8

url:https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod

Trust: 1.7

url:https://github.com/perl/perl5/compare/v5.30.2...v5.30.3

Trust: 1.7

url:https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20200611-0001/

Trust: 1.7

url:https://github.com/perl/perl5/issues/16947

Trust: 1.7

url:https://github.com/perl/perl5/issues/17743

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 1.3

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060316

Trust: 0.6

url:https://support.apple.com/en-us/ht211289

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0371/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2781

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1096

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1893

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042131

Trust: 0.6

url:https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1193

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/

Trust: 0.6

url:https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0925

Trust: 0.6

url:https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1338

Trust: 0.6

url:https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0845

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2604

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0791

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0572

Trust: 0.6

url:https://vigilance.fr/vulnerability/perl-core-memory-corruption-via-regular-expression-s-study-chunk-32368

Trust: 0.6

url:https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162915/red-hat-security-advisory-2021-2184-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.2

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2021:2184

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3281

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20191

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3281

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20253

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20228

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25645

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7053

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1266

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0557

Trust: 0.1

sources: VULHUB: VHN-165430 // PACKETSTORM: 162915 // PACKETSTORM: 158058 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // CNNVD: CNNVD-202006-146 // NVD: CVE-2020-12723

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 162915 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // CNNVD: CNNVD-202006-146

SOURCES

db:VULHUBid:VHN-165430
db:VULMONid:CVE-2020-12723
db:PACKETSTORMid:162915
db:PACKETSTORMid:158058
db:PACKETSTORMid:161727
db:PACKETSTORMid:161728
db:PACKETSTORMid:162130
db:PACKETSTORMid:162245
db:PACKETSTORMid:161437
db:CNNVDid:CNNVD-202006-146
db:NVDid:CVE-2020-12723

LAST UPDATE DATE

2024-11-23T19:30:07.431000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-165430date:2022-05-12T00:00:00
db:VULMONid:CVE-2020-12723date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202006-146date:2022-04-21T00:00:00
db:NVDid:CVE-2020-12723date:2024-11-21T05:00:08.870

SOURCES RELEASE DATE

db:VULHUBid:VHN-165430date:2020-06-05T00:00:00
db:VULMONid:CVE-2020-12723date:2020-06-05T00:00:00
db:PACKETSTORMid:162915date:2021-06-02T13:48:39
db:PACKETSTORMid:158058date:2020-06-12T14:44:55
db:PACKETSTORMid:161727date:2021-03-09T16:25:11
db:PACKETSTORMid:161728date:2021-03-09T16:26:05
db:PACKETSTORMid:162130date:2021-04-08T14:00:00
db:PACKETSTORMid:162245date:2021-04-20T16:17:10
db:PACKETSTORMid:161437date:2021-02-16T15:46:29
db:CNNVDid:CNNVD-202006-146date:2020-06-02T00:00:00
db:NVDid:CVE-2020-12723date:2020-06-05T15:15:10.800