Details of VAR-202006-1806

ID

VAR-202006-1806

CVE

CVE-2020-12723

TITLE

Red Hat Security Advisory 2021-1032-01

Trust: 0.1

sources: PACKETSTORM: 162021

DESCRIPTION

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:1032-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1032 Issue date: 2021-03-30 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ===================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: perl-5.16.3-294.el7_7.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_7.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm perl-Package-Constants-0.02-294.el7_7.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm x86_64: perl-5.16.3-294.el7_7.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm perl-core-5.16.3-294.el7_7.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_7.1.i686.rpm perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-devel-5.16.3-294.el7_7.1.i686.rpm perl-devel-5.16.3-294.el7_7.1.x86_64.rpm perl-libs-5.16.3-294.el7_7.1.i686.rpm perl-libs-5.16.3-294.el7_7.1.x86_64.rpm perl-macros-5.16.3-294.el7_7.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): x86_64: perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-tests-5.16.3-294.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: perl-5.16.3-294.el7_7.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_7.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm perl-Package-Constants-0.02-294.el7_7.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm ppc64: perl-5.16.3-294.el7_7.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.ppc64.rpm perl-core-5.16.3-294.el7_7.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm perl-devel-5.16.3-294.el7_7.1.ppc.rpm perl-devel-5.16.3-294.el7_7.1.ppc64.rpm perl-libs-5.16.3-294.el7_7.1.ppc.rpm perl-libs-5.16.3-294.el7_7.1.ppc64.rpm perl-macros-5.16.3-294.el7_7.1.ppc64.rpm ppc64le: perl-5.16.3-294.el7_7.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_7.1.ppc64le.rpm perl-core-5.16.3-294.el7_7.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm perl-devel-5.16.3-294.el7_7.1.ppc64le.rpm perl-libs-5.16.3-294.el7_7.1.ppc64le.rpm perl-macros-5.16.3-294.el7_7.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_7.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_7.1.s390x.rpm perl-core-5.16.3-294.el7_7.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_7.1.s390.rpm perl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm perl-devel-5.16.3-294.el7_7.1.s390.rpm perl-devel-5.16.3-294.el7_7.1.s390x.rpm perl-libs-5.16.3-294.el7_7.1.s390.rpm perl-libs-5.16.3-294.el7_7.1.s390x.rpm perl-macros-5.16.3-294.el7_7.1.s390x.rpm x86_64: perl-5.16.3-294.el7_7.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm perl-core-5.16.3-294.el7_7.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_7.1.i686.rpm perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-devel-5.16.3-294.el7_7.1.i686.rpm perl-devel-5.16.3-294.el7_7.1.x86_64.rpm perl-libs-5.16.3-294.el7_7.1.i686.rpm perl-libs-5.16.3-294.el7_7.1.x86_64.rpm perl-macros-5.16.3-294.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.7): ppc64: perl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm perl-tests-5.16.3-294.el7_7.1.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm perl-tests-5.16.3-294.el7_7.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm perl-tests-5.16.3-294.el7_7.1.s390x.rpm x86_64: perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-tests-5.16.3-294.el7_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYGLwtdzjgjWX9erEAQh/SA/9GENjf1AD4oPsRe6GzOIPR5HIuRSixHcc RUyMNqGsQ+piL824iq37aGqtl96Dvp67BpbeHEzAWTg3bPmrsaM1eXOR5awF9wuc f99kmE2UCTzdhtp4MDBrzRFidpi1FEwqNhOa9pSZH1My6+3PDhV4XtXysgQ7SDlw HJqf3mvfPrZdGcqNoOHWWjRyoH0OodJkPFn1ZoKAXn70HCVuTa0wcng18cWd8zs1 v210iFTCFWaDZpWc69HSV56+crM3alWfW8myDBdaVq9g4iWmK51pbA9Yp4AS4Hjy 09DzL8MJ3QEJjUYoo+siaaNz8bQGyCckhbrSDOgjUjU/QXxRouN5YyjIOnO8DOBc g7Qp2fceXmt8q7dn1YOgIFXGHbjwbMYiDhs39Fn6MuT3r1+ofbj/KMWa2icL5Nje ZetQ5eI+3A+irpef4wS0xMgEgr3PkGKmuxxauoq+y7BgbqD1EDs/ItHVzQKfPdPF m7uQ2mmqdO4rasKRGB0d4pO4yFCqyf6lBqxAEjexY0hyp1JPyJolGmWpYJP6LtJ4 7eKIPjnQgxCWOySa//2xxMSDVLj088zvLGf8eq2xmwV1+cyUXWQ9dkxdyImTO9IZ W6xporFLVbxX+fajaoZQQdHj7UxGpJY3rKofgFQQleRz22JSbvKhqydR36QFBRsR WUNYnqDSxIM= =ci9w -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. * Improved analytics collection to collect the playbook status for all hosts in a playbook run 3. ========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020 perl vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3 Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11 In general, a standard system update will make all the necessary changes. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of Django to address CVE-2021-3281. * Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7. * Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions. * Fixed several issues related to how Tower rotates its log files. * Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales. * Fixed a bug which can cause unanticipated delays in certain playbook output. * Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data. * Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected. * Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified. * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5

Trust: 1.8

sources: NVD: CVE-2020-12723 // VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 159726 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 159707

AFFECTED PRODUCTS

vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.1	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	gte	version:	13.1	Trust: 1.0
vendor:	oracle	model:	communications offline mediation controller	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.4.0.1.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.1	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.4.0.3.1	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	perl	model:	perl	scope:	lt	version:	5.30.3	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.3.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.3.0.2.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	configuration manager	scope:	eq	version:	12.1.2.0.8	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	lte	version:	13.4	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.2.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2020-12723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12723
value:	HIGH
Trust: 1.0
VULHUB:	VHN-165430
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12723
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12723
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-165430
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12723
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // NVD: CVE-2020-12723

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.1

sources: VULHUB: VHN-165430 // NVD: CVE-2020-12723

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 159726 // PACKETSTORM: 159707

TYPE

arbitrary

Trust: 0.2

sources: PACKETSTORM: 159726 // PACKETSTORM: 159707

PATCH

title:	Red Hat: Moderate: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210557 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210343 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=babe2a0596ddd17a5ad75cd3c30c45ff	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1610	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1610	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210607 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=08f19f0be4d5dcf7486e5abcdb671477	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	visualGambasDelta	url:	https://github.com/D5n9sMatrix/visualGambasDelta	Trust: 0.1
title:	perl5283delta	url:	https://github.com/D5n9sMatrix/perl5283delta	Trust: 0.1
title:	editorGambasDelta	url:	https://github.com/D5n9sMatrix/editorGambasDelta	Trust: 0.1
title:	EditorGambasDelta	url:	https://github.com/D5n9sMatrix/EditorGambasDelta	Trust: 0.1
title:	litecoin-automation	url:	https://github.com/gzukel/litecoin-automation	Trust: 0.1
title:	-	url:	https://github.com/D5n9sMatrix/perltoc	Trust: 0.1
title:	snykout	url:	https://github.com/garethr/snykout	Trust: 0.1
title:	myapp-container-jaxrs	url:	https://github.com/akiraabe/myapp-container-jaxrs	Trust: 0.1

sources: VULMON: CVE-2020-12723

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12723	Trust: 2.0
db:	PACKETSTORM	id:	162915	Trust: 0.2
db:	PACKETSTORM	id:	159726	Trust: 0.2
db:	PACKETSTORM	id:	162021	Trust: 0.2
db:	PACKETSTORM	id:	159707	Trust: 0.2
db:	PACKETSTORM	id:	161728	Trust: 0.2
db:	PACKETSTORM	id:	161726	Trust: 0.2
db:	PACKETSTORM	id:	162130	Trust: 0.2
db:	PACKETSTORM	id:	161656	Trust: 0.2
db:	PACKETSTORM	id:	161437	Trust: 0.1
db:	PACKETSTORM	id:	161727	Trust: 0.1
db:	PACKETSTORM	id:	161255	Trust: 0.1
db:	PACKETSTORM	id:	162245	Trust: 0.1
db:	PACKETSTORM	id:	161843	Trust: 0.1
db:	CNVD	id:	CNVD-2020-37943	Trust: 0.1
db:	CNNVD	id:	CNNVD-202006-146	Trust: 0.1
db:	VULHUB	id:	VHN-165430	Trust: 0.1
db:	VULMON	id:	CVE-2020-12723	Trust: 0.1

sources: VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 159726 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 159707 // NVD: CVE-2020-12723

REFERENCES

url:	https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod	Trust: 1.1
url:	https://github.com/perl/perl5/compare/v5.30.2...v5.30.3	Trust: 1.1
url:	https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20200611-0001/	Trust: 1.1
url:	https://security.gentoo.org/glsa/202006-03	Trust: 1.1
url:	https://github.com/perl/perl5/issues/16947	Trust: 1.1
url:	https://github.com/perl/perl5/issues/17743	Trust: 1.1
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35678	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20178	Trust: 0.2
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20191	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20253	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20228	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20180	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.2
url:	https://usn.ubuntu.com/4602-1	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3121	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15436	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2184	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0779	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://usn.ubuntu.com/4602-2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3281	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3281	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0780	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25211	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1129	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25645	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25656	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28374	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20265	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-0427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7053	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19532	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5	Trust: 0.1

sources: VULHUB: VHN-165430 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 159726 // PACKETSTORM: 161728 // PACKETSTORM: 162130 // PACKETSTORM: 159707 // NVD: CVE-2020-12723

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 162915 // PACKETSTORM: 161726 // PACKETSTORM: 161728 // PACKETSTORM: 162130

SOURCES

db:	VULHUB	id:	VHN-165430
db:	VULMON	id:	CVE-2020-12723
db:	PACKETSTORM	id:	162021
db:	PACKETSTORM	id:	161656
db:	PACKETSTORM	id:	162915
db:	PACKETSTORM	id:	161726
db:	PACKETSTORM	id:	159726
db:	PACKETSTORM	id:	161728
db:	PACKETSTORM	id:	162130
db:	PACKETSTORM	id:	159707
db:	NVD	id:	CVE-2020-12723

LAST UPDATE DATE

2025-02-20T21:35:55.315000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165430	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2020-12723	date:	2023-11-07T00:00:00
db:	NVD	id:	CVE-2020-12723	date:	2024-11-21T05:00:08.870

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165430	date:	2020-06-05T00:00:00
db:	VULMON	id:	CVE-2020-12723	date:	2020-06-05T00:00:00
db:	PACKETSTORM	id:	162021	date:	2021-03-30T14:26:55
db:	PACKETSTORM	id:	161656	date:	2021-03-04T15:33:19
db:	PACKETSTORM	id:	162915	date:	2021-06-02T13:48:39
db:	PACKETSTORM	id:	161726	date:	2021-03-09T16:23:27
db:	PACKETSTORM	id:	159726	date:	2020-10-27T16:58:55
db:	PACKETSTORM	id:	161728	date:	2021-03-09T16:26:05
db:	PACKETSTORM	id:	162130	date:	2021-04-08T14:00:00
db:	PACKETSTORM	id:	159707	date:	2020-10-26T16:43:39
db:	NVD	id:	CVE-2020-12723	date:	2020-06-05T15:15:10.800