First published: Fri Jun 05 2020
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Perl Perl | <5.30.3 | |
Fedoraproject Fedora | =31 | |
openSUSE Leap | =15.1 | |
Oracle Communications Billing and Revenue Management | =12.0.0.2.0 | |
Oracle Communications Billing and Revenue Management | =12.0.0.3.0 | |
Oracle Communications Diameter Signaling Router | >=8.0.0<=8.5.0 | |
Oracle Communications EAGLE Application Processor | >=16.1.0<=16.4.0 | |
Oracle Communications Eagle Lnp Application Processor | =10.1 | |
Oracle Communications Eagle Lnp Application Processor | =10.2 | |
Oracle Communications Eagle Lnp Application Processor | =46.7 | |
Oracle Communications Eagle Lnp Application Processor | =46.8 | |
Oracle Communications Eagle Lnp Application Processor | =46.9 | |
Oracle Communications Lsms | >=13.1<=13.4 | |
Oracle Communications Offline Mediation Controller | =12.0.0.3.0 | |
Oracle Communications Performance Intelligence Center | >=10.3.0.0.0<=10.3.0.2.1 | |
Oracle Communications Performance Intelligence Center | >=10.4.0.1.0<=10.4.0.3.1 | |
Oracle Communications Pricing Design Center | =12.0.0.3.0 | |
Oracle Configuration Manager | =12.1.2.0.8 | |
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle SD-WAN Edge | =8.2 | |
Oracle SD-WAN Edge | =9.0 | |
Oracle SD-WAN Edge | =9.1 | |
Oracle Tekelec Platform Distribution | >=7.4.0<=7.7.1 | |
IBM Cloud Pak for Security (CP4S) | <=1.6.0.1 | |
IBM Cloud Pak for Security (CP4S) | <=1.6.0.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.5.0.1 | |
IBM Cloud Pak for Security (CP4S) | <=1.5.0.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.4.0.0 |
The vulnerability ID is CVE-2020-10543.
The severity of CVE-2020-10543 is critical with a score of 9.8.
CVE-2020-10543 affects Perl before 5.30.3 on 32-bit platforms, IBM Security Guardium 11.3, IBM Security Guardium 11.4 and 11.5, Fedora 31, openSUSE Leap 15.1, and various Oracle products.
A remote attacker can exploit CVE-2020-10543 by sending a specially crafted request, causing a heap-based buffer overflow and potentially executing arbitrary code on the system.
References for CVE-2020-10543: [openSUSE security announcement](http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html), [perl5303delta](https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod), [Perl v5.30.2...v5.30.3 comparison](https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3).