Heap-Based Buffer Overflow in Perl on 32-Bit Platforms
CVE-2020-10543

8.2HIGH

Key Information:

Vendor
Perl
Status
Perl
Vendor
CVE Published:
5 June 2020

Summary

A vulnerability exists in Perl prior to version 5.30.3 on 32-bit platforms that can lead to a heap-based buffer overflow. This issue arises from the way nested regular expression quantifiers are processed, which can trigger an integer overflow. Attackers can potentially exploit this vulnerability to execute arbitrary code or crash the affected application, making it crucial for users to update to the latest available version to mitigate associated risks.

References

https://security.gentoo.org/glsa/202006-03
vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.