Buffer Overflow Vulnerability in Perl Affected by Recursive Regular Expressions
CVE-2020-12723

7.5HIGH

Key Information:

Vendor
Perl
Status
Perl
Vendor
CVE Published:
5 June 2020

Summary

The Perl programming language before version 5.30.3 contains a vulnerability in 'regcomp.c' that can lead to a buffer overflow when handling crafted regular expressions. This issue arises from the recursive calls to S_study_chunk, which may be exploited to cause unexpected behavior or crashes in applications utilizing this version of Perl. Users and developers are urged to upgrade to the latest version to mitigate potential risks associated with this vulnerability.

References

https://security.gentoo.org/glsa/202006-03
vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.