First published: Fri Jun 05 2020(Updated: )
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Credit: Hugo van der Sanden Slaven Rezic cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Catalina | <10.15.6 | 10.15.6 |
Apple Mojave | ||
Apple High Sierra | ||
Perl Perl | <5.30.3 | |
Fedoraproject Fedora | =31 | |
openSUSE Leap | =15.1 | |
NetApp OnCommand Workflow Automation | ||
NetApp Snap Creator Framework | ||
Oracle Communications Billing and Revenue Management | =12.0.0.2.0 | |
Oracle Communications Billing and Revenue Management | =12.0.0.3.0 | |
Oracle Communications Diameter Signaling Router | >=8.0.0<=8.5.0 | |
Oracle Communications EAGLE Application Processor | >=16.1.0<=16.4.0 | |
Oracle Communications Eagle Lnp Application Processor | =10.1 | |
Oracle Communications Eagle Lnp Application Processor | =10.2 | |
Oracle Communications Eagle Lnp Application Processor | =46.7 | |
Oracle Communications Eagle Lnp Application Processor | =46.8 | |
Oracle Communications Eagle Lnp Application Processor | =46.9 | |
Oracle Communications Lsms | >=13.1<=13.4 | |
Oracle Communications Offline Mediation Controller | =12.0.0.3.0 | |
Oracle Communications Performance Intelligence Center | >=10.3.0.0.0<=10.3.0.2.1 | |
Oracle Communications Performance Intelligence Center | >=10.4.0.1.0<=10.4.0.3.1 | |
Oracle Communications Pricing Design Center | =12.0.0.3.0 | |
Oracle Configuration Manager | =12.1.2.0.8 | |
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle SD-WAN Aware | =8.2 | |
Oracle SD-WAN Aware | =9.0 | |
Oracle SD-WAN Aware | =9.1 | |
Oracle Tekelec Platform Distribution | >=7.4.0<=7.7.1 | |
IBM Cloud Pak for Security (CP4S) | <=1.6.0.1 | |
IBM Cloud Pak for Security (CP4S) | <=1.6.0.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.5.0.1 | |
IBM Cloud Pak for Security (CP4S) | <=1.5.0.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2020-10878 is a vulnerability in Perl that has been addressed with improved checks.
macOS Catalina version 10.15.6, Apple Mojave, and Apple High Sierra are affected by CVE-2020-10878.
Update to macOS Catalina version 10.15.6 or apply the necessary patches provided by Apple to fix CVE-2020-10878.
You can find more information about CVE-2020-10878 on the official Apple support website at: https://support.apple.com/en-us/HT211289
The CWE ID associated with CVE-2020-10878 is CWE-190.