Details of VAR-202006-1838

ID

VAR-202006-1838

CVE

CVE-2020-10543

TITLE

Perl Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006177

DESCRIPTION

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl Is vulnerable to out-of-bounds writes.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.0.8 General Availability release, which fixes bugs and security issues. Description: Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. Bug Fix(es): * [perl-net-ping] wrong return value on failing DNS name lookup (BZ#1973177) 4. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of autobahn to address CVE-2020-35678. * Upgraded to a more recent version of nginx to address CVE-2019-20372. Bug Fix(es): * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Improved analytics collection to collect the playbook status for all hosts in a playbook run 3. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. ========================================================================== Ubuntu Security Notice USN-4602-1 October 26, 2020 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.2 Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.5 Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.9 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0883-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0883 Issue date: 2021-03-16 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543) * perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878) * perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: perl-5.16.3-294.el7_6.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: perl-5.16.3-294.el7_6.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm ppc64: perl-5.16.3-294.el7_6.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm perl-core-5.16.3-294.el7_6.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-devel-5.16.3-294.el7_6.1.ppc.rpm perl-devel-5.16.3-294.el7_6.1.ppc64.rpm perl-libs-5.16.3-294.el7_6.1.ppc.rpm perl-libs-5.16.3-294.el7_6.1.ppc64.rpm perl-macros-5.16.3-294.el7_6.1.ppc64.rpm ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: perl-5.16.3-294.el7_6.1.src.rpm aarch64: perl-5.16.3-294.el7_6.1.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm perl-core-5.16.3-294.el7_6.1.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-devel-5.16.3-294.el7_6.1.aarch64.rpm perl-libs-5.16.3-294.el7_6.1.aarch64.rpm perl-macros-5.16.3-294.el7_6.1.aarch64.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-tests-5.16.3-294.el7_6.1.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-tests-5.16.3-294.el7_6.1.aarch64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4 Je72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD mhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5 eEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs 5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg pgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX UOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw j/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I 95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq A1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ 0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ rPmCgN8s+cI=aYxA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2020-10543 // JVNDB: JVNDB-2020-006177 // VULHUB: VHN-163032 // PACKETSTORM: 162650 // PACKETSTORM: 161656 // PACKETSTORM: 163586 // PACKETSTORM: 161726 // PACKETSTORM: 159707 // PACKETSTORM: 161843

AFFECTED PRODUCTS

vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.1	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	gte	version:	13.1	Trust: 1.0
vendor:	oracle	model:	communications offline mediation controller	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	communications pricing design center	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.4.0.1.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.1	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.4.0.3.1	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	perl	model:	perl	scope:	lt	version:	5.30.3	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	46.7	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	46.9	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.3.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.3.0.2.1	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	configuration manager	scope:	eq	version:	12.1.2.0.8	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	46.8	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	lte	version:	13.4	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.2.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	the perl	model:	perl	scope:	eq	version:	5.30.3	Trust: 0.8

sources: JVNDB: JVNDB-2020-006177 // NVD: CVE-2020-10543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10543
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006177
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202006-145
value:	HIGH
Trust: 0.6
VULHUB:	VHN-163032
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10543
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006177
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-163032
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10543
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006177
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-163032 // JVNDB: JVNDB-2020-006177 // CNNVD: CNNVD-202006-145 // NVD: CVE-2020-10543

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.9
problemtype:	CWE-190	Trust: 1.1

sources: VULHUB: VHN-163032 // JVNDB: JVNDB-2020-006177 // NVD: CVE-2020-10543

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 159707 // CNNVD: CNNVD-202006-145

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006177

PATCH

title:	FEDORA-2020-fd73c08076	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/	Trust: 0.8
title:	regcomp.c: Prevent integer overflow from nested regex quantifiers.	url:	https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed	Trust: 0.8
title:	perl5/pod/perl5303delta.pod	url:	https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod	Trust: 0.8
title:	Comparing changes	url:	https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3	Trust: 0.8
title:	Perl Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122040	Trust: 0.6

sources: JVNDB: JVNDB-2020-006177 // CNNVD: CNNVD-202006-145

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10543	Trust: 3.1
db:	PACKETSTORM	id:	162650	Trust: 0.8
db:	PACKETSTORM	id:	159707	Trust: 0.8
db:	PACKETSTORM	id:	161656	Trust: 0.8
db:	PACKETSTORM	id:	161843	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006177	Trust: 0.8
db:	PACKETSTORM	id:	159726	Trust: 0.7
db:	PACKETSTORM	id:	162021	Trust: 0.7
db:	PACKETSTORM	id:	162877	Trust: 0.7
db:	PACKETSTORM	id:	158058	Trust: 0.7
db:	PACKETSTORM	id:	161728	Trust: 0.7
db:	PACKETSTORM	id:	161255	Trust: 0.7
db:	PACKETSTORM	id:	162837	Trust: 0.7
db:	PACKETSTORM	id:	162245	Trust: 0.7
db:	PACKETSTORM	id:	163188	Trust: 0.7
db:	CNNVD	id:	CNNVD-202006-145	Trust: 0.7
db:	PACKETSTORM	id:	163586	Trust: 0.7
db:	CS-HELP	id:	SB2021042131	Trust: 0.6
db:	CS-HELP	id:	SB2021052031	Trust: 0.6
db:	CS-HELP	id:	SB2021072136	Trust: 0.6
db:	CS-HELP	id:	SB2021092220	Trust: 0.6
db:	CS-HELP	id:	SB2021072268	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1338	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0791	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2781	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0925	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1725	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0371	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1096	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2180	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1820	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1866	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2469	Trust: 0.6
db:	PACKETSTORM	id:	161726	Trust: 0.2
db:	PACKETSTORM	id:	161727	Trust: 0.1
db:	CNVD	id:	CNVD-2020-37944	Trust: 0.1
db:	VULHUB	id:	VHN-163032	Trust: 0.1

sources: VULHUB: VHN-163032 // JVNDB: JVNDB-2020-006177 // PACKETSTORM: 162650 // PACKETSTORM: 161656 // PACKETSTORM: 163586 // PACKETSTORM: 161726 // PACKETSTORM: 159707 // PACKETSTORM: 161843 // CNNVD: CNNVD-202006-145 // NVD: CVE-2020-10543

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 2.0
url:	https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod	Trust: 1.7
url:	https://github.com/perl/perl5/compare/v5.30.2...v5.30.3	Trust: 1.7
url:	https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200611-0001/	Trust: 1.7
url:	https://security.gentoo.org/glsa/202006-03	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10543	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.6
url:	https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1866	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1820	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072268	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1725	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052031	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0371/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2781	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1096	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042131	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2180	Trust: 0.6
url:	https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/	Trust: 0.6
url:	https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0925	Trust: 0.6
url:	https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1338	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092220	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072136	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2469	Trust: 0.6
url:	https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0791	Trust: 0.6
url:	https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/perl-core-buffer-overflow-via-nested-regular-expression-quantifiers-32365	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1678	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3121	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2792	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0779	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20178	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20191	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9	Trust: 0.1
url:	https://usn.ubuntu.com/4602-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0883	Trust: 0.1

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 162650 // PACKETSTORM: 161656 // PACKETSTORM: 163586 // PACKETSTORM: 161726 // PACKETSTORM: 161843 // CNNVD: CNNVD-202006-145

SOURCES

db:	VULHUB	id:	VHN-163032
db:	JVNDB	id:	JVNDB-2020-006177
db:	PACKETSTORM	id:	162650
db:	PACKETSTORM	id:	161656
db:	PACKETSTORM	id:	163586
db:	PACKETSTORM	id:	161726
db:	PACKETSTORM	id:	159707
db:	PACKETSTORM	id:	161843
db:	CNNVD	id:	CNNVD-202006-145
db:	NVD	id:	CVE-2020-10543

LAST UPDATE DATE

2025-04-23T20:56:34.935000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163032	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-006177	date:	2020-07-02T00:00:00
db:	CNNVD	id:	CNNVD-202006-145	date:	2022-04-21T00:00:00
db:	NVD	id:	CVE-2020-10543	date:	2024-11-21T04:55:32.927

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163032	date:	2020-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-006177	date:	2020-07-02T00:00:00
db:	PACKETSTORM	id:	162650	date:	2021-05-19T14:04:40
db:	PACKETSTORM	id:	161656	date:	2021-03-04T15:33:19
db:	PACKETSTORM	id:	163586	date:	2021-07-21T16:03:08
db:	PACKETSTORM	id:	161726	date:	2021-03-09T16:23:27
db:	PACKETSTORM	id:	159707	date:	2020-10-26T16:43:39
db:	PACKETSTORM	id:	161843	date:	2021-03-17T14:36:02
db:	CNNVD	id:	CNNVD-202006-145	date:	2020-06-02T00:00:00
db:	NVD	id:	CVE-2020-10543	date:	2020-06-05T14:15:10.467