Details of VAR-202006-1806

ID

VAR-202006-1806

CVE

CVE-2020-12723

TITLE

Red Hat Security Advisory 2021-1032-01

Trust: 0.1

sources: PACKETSTORM: 162021

DESCRIPTION

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.0.8 General Availability release, which fixes bugs and security issues. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202006-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Perl: Multiple vulnerabilities Date: June 12, 2020 Bugs: #723792 ID: 202006-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Perl, the worst of which could result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/perl < 5.30.3 >= 5.30.3 Description =========== Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.30.3" References ========== [ 1 ] CVE-2020-10543 https://nvd.nist.gov/vuln/detail/CVE-2020-10543 [ 2 ] CVE-2020-10878 https://nvd.nist.gov/vuln/detail/CVE-2020-10878 [ 3 ] CVE-2020-12723 https://nvd.nist.gov/vuln/detail/CVE-2020-12723 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202006-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020 perl vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3 Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11 In general, a standard system update will make all the necessary changes. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. 7.4) - noarch, x86_64 3. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x 3

Trust: 1.8

sources: NVD: CVE-2020-12723 // VULHUB: VHN-165430 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 158058 // PACKETSTORM: 159726 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161255 // PACKETSTORM: 161843

AFFECTED PRODUCTS

vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.1	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	gte	version:	13.1	Trust: 1.0
vendor:	oracle	model:	communications offline mediation controller	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.4.0.1.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.1	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.4.0.3.1	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	perl	model:	perl	scope:	lt	version:	5.30.3	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.3.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.3.0.2.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	configuration manager	scope:	eq	version:	12.1.2.0.8	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	lte	version:	13.4	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.2.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2020-12723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12723
value:	HIGH
Trust: 1.0
VULHUB:	VHN-165430
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12723
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-165430
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12723
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-165430 // NVD: CVE-2020-12723

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.1

sources: VULHUB: VHN-165430 // NVD: CVE-2020-12723

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 159726

TYPE

overflow

Trust: 0.4

sources: PACKETSTORM: 162021 // PACKETSTORM: 162245 // PACKETSTORM: 161255 // PACKETSTORM: 161843

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12723	Trust: 2.0
db:	PACKETSTORM	id:	159726	Trust: 0.2
db:	PACKETSTORM	id:	161437	Trust: 0.2
db:	PACKETSTORM	id:	162021	Trust: 0.2
db:	PACKETSTORM	id:	161727	Trust: 0.2
db:	PACKETSTORM	id:	161255	Trust: 0.2
db:	PACKETSTORM	id:	161656	Trust: 0.2
db:	PACKETSTORM	id:	162245	Trust: 0.2
db:	PACKETSTORM	id:	161843	Trust: 0.2
db:	PACKETSTORM	id:	162915	Trust: 0.1
db:	PACKETSTORM	id:	159707	Trust: 0.1
db:	PACKETSTORM	id:	161728	Trust: 0.1
db:	PACKETSTORM	id:	161726	Trust: 0.1
db:	PACKETSTORM	id:	162130	Trust: 0.1
db:	CNVD	id:	CNVD-2020-37943	Trust: 0.1
db:	CNNVD	id:	CNNVD-202006-146	Trust: 0.1
db:	VULHUB	id:	VHN-165430	Trust: 0.1
db:	PACKETSTORM	id:	158058	Trust: 0.1

sources: VULHUB: VHN-165430 // PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 158058 // PACKETSTORM: 159726 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161255 // PACKETSTORM: 161843 // NVD: CVE-2020-12723

REFERENCES

url:	https://security.gentoo.org/glsa/202006-03	Trust: 1.2
url:	https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod	Trust: 1.1
url:	https://github.com/perl/perl5/compare/v5.30.2...v5.30.3	Trust: 1.1
url:	https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20200611-0001/	Trust: 1.1
url:	https://github.com/perl/perl5/issues/16947	Trust: 1.1
url:	https://github.com/perl/perl5/issues/17743	Trust: 1.1
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3121	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35513	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://usn.ubuntu.com/4602-1	Trust: 0.1
url:	https://usn.ubuntu.com/4602-2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1266	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0557	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0343	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0883	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 162021 // PACKETSTORM: 161656 // PACKETSTORM: 161727 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161255 // PACKETSTORM: 161843

SOURCES

db:	VULHUB	id:	VHN-165430
db:	PACKETSTORM	id:	162021
db:	PACKETSTORM	id:	161656
db:	PACKETSTORM	id:	158058
db:	PACKETSTORM	id:	159726
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	162245
db:	PACKETSTORM	id:	161437
db:	PACKETSTORM	id:	161255
db:	PACKETSTORM	id:	161843
db:	NVD	id:	CVE-2020-12723

LAST UPDATE DATE

2026-03-30T21:11:14.628000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165430	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2020-12723	date:	2024-11-21T05:00:08.870

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165430	date:	2020-06-05T00:00:00
db:	PACKETSTORM	id:	162021	date:	2021-03-30T14:26:55
db:	PACKETSTORM	id:	161656	date:	2021-03-04T15:33:19
db:	PACKETSTORM	id:	158058	date:	2020-06-12T14:44:55
db:	PACKETSTORM	id:	159726	date:	2020-10-27T16:58:55
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	162245	date:	2021-04-20T16:17:10
db:	PACKETSTORM	id:	161437	date:	2021-02-16T15:46:29
db:	PACKETSTORM	id:	161255	date:	2021-02-02T16:12:23
db:	PACKETSTORM	id:	161843	date:	2021-03-17T14:36:02
db:	NVD	id:	CVE-2020-12723	date:	2020-06-05T15:15:10.800