CVE-2020-12723

Name
CVE-2020-12723
Description
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
Third Party Advisory https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Third Party Advisory https://github.com/Perl/perl5/issues/16947
Patch https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
Third Party Advisory https://github.com/Perl/perl5/issues/17743
Third Party Advisory https://security.netapp.com/advisory/ntap-20200611-0001/
Third Party Advisory https://security.gentoo.org/glsa/202006-03
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory https://www.oracle.com/security-alerts/cpujan2021.html
MISC https://www.oracle.com/security-alerts/cpuApr2021.html
N/A https://www.oracle.com//security-alerts/cpujul2021.html
MISC https://www.oracle.com/security-alerts/cpuoct2021.html
Patch https://www.oracle.com/security-alerts/cpujan2022.html
MISC https://www.oracle.com/security-alerts/cpuapr2022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* perl >= None < 5.30.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
perl edge-main 5.30.3-r0 None fixed
perl edge-main 5.26.3-r0 None possibly vulnerable
perl edge-main 5.26.2-r1 None possibly vulnerable
perl edge-main 5.26.2-r0 None possibly vulnerable
perl edge-main 5.26.1-r0 None possibly vulnerable
perl 3.22-main 5.30.3-r0 None fixed
perl 3.22-main 5.26.3-r0 None possibly vulnerable
perl 3.22-main 5.26.2-r1 None possibly vulnerable
perl 3.22-main 5.26.2-r0 None possibly vulnerable
perl 3.22-main 5.26.1-r0 None possibly vulnerable
perl 3.21-main 5.30.3-r0 None fixed
perl 3.21-main 5.26.3-r0 None possibly vulnerable
perl 3.21-main 5.26.2-r1 None possibly vulnerable
perl 3.21-main 5.26.2-r0 None possibly vulnerable
perl 3.21-main 5.26.1-r0 None possibly vulnerable
perl 3.20-main 5.30.3-r0 None fixed
perl 3.20-main 5.26.3-r0 None possibly vulnerable
perl 3.20-main 5.26.2-r1 None possibly vulnerable
perl 3.20-main 5.26.2-r0 None possibly vulnerable
perl 3.20-main 5.26.1-r0 None possibly vulnerable
perl 3.19-main 5.30.3-r0 None fixed
perl 3.19-main 5.26.3-r0 None possibly vulnerable
perl 3.19-main 5.26.2-r1 None possibly vulnerable
perl 3.19-main 5.26.2-r0 None possibly vulnerable
perl 3.19-main 5.26.1-r0 None possibly vulnerable
perl 3.18-main 5.30.3-r0 None fixed
perl 3.17-main 5.30.3-r0 None fixed
perl 3.12-main 5.30.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
perl 3.11-main 5.30.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
perl 3.10-main 5.28.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed