ID

VAR-202006-1806


CVE

CVE-2020-12723


TITLE

Perl Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006179

DESCRIPTION

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.0.8 General Availability release, which fixes bugs and security issues. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of autobahn to address CVE-2020-35678. * Upgraded to a more recent version of nginx to address CVE-2019-20372. Bug Fix(es): * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Improved analytics collection to collect the playbook status for all hosts in a playbook run 3. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. 7.4) - noarch, x86_64 3. ========================================================================== Ubuntu Security Notice USN-4602-1 October 26, 2020 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.2 Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.5 Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.9 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0883-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0883 Issue date: 2021-03-16 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: perl-5.16.3-294.el7_6.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: perl-5.16.3-294.el7_6.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm ppc64: perl-5.16.3-294.el7_6.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm perl-core-5.16.3-294.el7_6.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-devel-5.16.3-294.el7_6.1.ppc.rpm perl-devel-5.16.3-294.el7_6.1.ppc64.rpm perl-libs-5.16.3-294.el7_6.1.ppc.rpm perl-libs-5.16.3-294.el7_6.1.ppc64.rpm perl-macros-5.16.3-294.el7_6.1.ppc64.rpm ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: perl-5.16.3-294.el7_6.1.src.rpm aarch64: perl-5.16.3-294.el7_6.1.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm perl-core-5.16.3-294.el7_6.1.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-devel-5.16.3-294.el7_6.1.aarch64.rpm perl-libs-5.16.3-294.el7_6.1.aarch64.rpm perl-macros-5.16.3-294.el7_6.1.aarch64.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-tests-5.16.3-294.el7_6.1.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-tests-5.16.3-294.el7_6.1.aarch64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4 Je72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD mhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5 eEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs 5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg pgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX UOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw j/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I 95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq A1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ 0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ rPmCgN8s+cI=aYxA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2020-12723 // JVNDB: JVNDB-2020-006179 // VULHUB: VHN-165430 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 159707 // PACKETSTORM: 161843

AFFECTED PRODUCTS

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

vendor:oraclemodel:communications offline mediation controllerscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:gteversion:10.4.0.1.0

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:lteversion:16.4.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.1

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:lteversion:10.4.0.3.1

Trust: 1.0

vendor:oraclemodel:tekelec platform distributionscope:gteversion:7.4.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:perlmodel:perlscope:ltversion:5.30.3

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:gteversion:10.3.0.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:lteversion:10.3.0.2.1

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:tekelec platform distributionscope:lteversion:7.7.1

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:8.2

Trust: 1.0

vendor:oraclemodel:configuration managerscope:eqversion:12.1.2.0.8

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.2.0

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:gteversion:16.1.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:the perlmodel:perlscope:eqversion:5.30.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12723
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006179
value: HIGH

Trust: 0.8

VULHUB: VHN-165430
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12723
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006179
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-165430
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12723
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006179
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-165430 // JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-165430 // JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 159707

TYPE

overflow

Trust: 0.3

sources: PACKETSTORM: 162021 // PACKETSTORM: 162245 // PACKETSTORM: 161843

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006179

PATCH

title:study_chunk: avoid mutating regexp program within GOSUBurl:https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a

Trust: 0.8

title:perl5/pod/perl5303delta.podurl:https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod

Trust: 0.8

title:Segfault in S_study_chunk (regcomp.c:4870) #16947url:https://github.com/Perl/perl5/issues/16947

Trust: 0.8

title:study_chunk recursion #17743url:https://github.com/Perl/perl5/issues/17743

Trust: 0.8

title:Comparing changesurl:https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-006179

EXTERNAL IDS

db:NVDid:CVE-2020-12723

Trust: 2.7

db:JVNDBid:JVNDB-2020-006179

Trust: 0.8

db:PACKETSTORMid:162915

Trust: 0.2

db:PACKETSTORMid:162021

Trust: 0.2

db:PACKETSTORMid:159707

Trust: 0.2

db:PACKETSTORMid:161727

Trust: 0.2

db:PACKETSTORMid:161726

Trust: 0.2

db:PACKETSTORMid:161656

Trust: 0.2

db:PACKETSTORMid:162245

Trust: 0.2

db:PACKETSTORMid:161843

Trust: 0.2

db:PACKETSTORMid:159726

Trust: 0.1

db:PACKETSTORMid:161437

Trust: 0.1

db:PACKETSTORMid:161728

Trust: 0.1

db:PACKETSTORMid:162130

Trust: 0.1

db:PACKETSTORMid:161255

Trust: 0.1

db:CNVDid:CNVD-2020-37943

Trust: 0.1

db:CNNVDid:CNNVD-202006-146

Trust: 0.1

db:VULHUBid:VHN-165430

Trust: 0.1

sources: VULHUB: VHN-165430 // JVNDB: JVNDB-2020-006179 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 159707 // PACKETSTORM: 161843 // NVD: CVE-2020-12723

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 1.6

url:https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod

Trust: 1.1

url:https://github.com/perl/perl5/compare/v5.30.2...v5.30.3

Trust: 1.1

url:https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20200611-0001/

Trust: 1.1

url:https://security.gentoo.org/glsa/202006-03

Trust: 1.1

url:https://github.com/perl/perl5/issues/16947

Trust: 1.1

url:https://github.com/perl/perl5/issues/17743

Trust: 1.1

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12723

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.2

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29661

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35513

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35513

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2184

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20191

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20253

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1266

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9

Trust: 0.1

url:https://usn.ubuntu.com/4602-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0883

Trust: 0.1

sources: VULHUB: VHN-165430 // JVNDB: JVNDB-2020-006179 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 159707 // PACKETSTORM: 161843 // NVD: CVE-2020-12723

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 161843

SOURCES

db:VULHUBid:VHN-165430
db:JVNDBid:JVNDB-2020-006179
db:PACKETSTORMid:162021
db:PACKETSTORMid:161656
db:PACKETSTORMid:162915
db:PACKETSTORMid:161726
db:PACKETSTORMid:161727
db:PACKETSTORMid:162245
db:PACKETSTORMid:159707
db:PACKETSTORMid:161843
db:NVDid:CVE-2020-12723

LAST UPDATE DATE

2025-04-23T20:25:24.488000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-165430date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2020-006179date:2020-07-02T00:00:00
db:NVDid:CVE-2020-12723date:2024-11-21T05:00:08.870

SOURCES RELEASE DATE

db:VULHUBid:VHN-165430date:2020-06-05T00:00:00
db:JVNDBid:JVNDB-2020-006179date:2020-07-02T00:00:00
db:PACKETSTORMid:162021date:2021-03-30T14:26:55
db:PACKETSTORMid:161656date:2021-03-04T15:33:19
db:PACKETSTORMid:162915date:2021-06-02T13:48:39
db:PACKETSTORMid:161726date:2021-03-09T16:23:27
db:PACKETSTORMid:161727date:2021-03-09T16:25:11
db:PACKETSTORMid:162245date:2021-04-20T16:17:10
db:PACKETSTORMid:159707date:2020-10-26T16:43:39
db:PACKETSTORMid:161843date:2021-03-17T14:36:02
db:NVDid:CVE-2020-12723date:2020-06-05T15:15:10.800