Details of VAR-202006-1806

ID

VAR-202006-1806

CVE

CVE-2020-12723

TITLE

Perl Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006179

DESCRIPTION

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. * Improved analytics collection to collect the playbook status for all hosts in a playbook run 3. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of Django to address CVE-2021-3281. * Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7. * Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions. * Fixed several issues related to how Tower rotates its log files. * Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales. * Fixed a bug which can cause unanticipated delays in certain playbook output. * Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data. * Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected. * Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified. * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. 7.4) - noarch, x86_64 3. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0883-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0883 Issue date: 2021-03-16 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: perl-5.16.3-294.el7_6.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: perl-5.16.3-294.el7_6.1.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm ppc64: perl-5.16.3-294.el7_6.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm perl-core-5.16.3-294.el7_6.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-devel-5.16.3-294.el7_6.1.ppc.rpm perl-devel-5.16.3-294.el7_6.1.ppc64.rpm perl-libs-5.16.3-294.el7_6.1.ppc.rpm perl-libs-5.16.3-294.el7_6.1.ppc64.rpm perl-macros-5.16.3-294.el7_6.1.ppc64.rpm ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: perl-5.16.3-294.el7_6.1.src.rpm aarch64: perl-5.16.3-294.el7_6.1.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm perl-core-5.16.3-294.el7_6.1.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-devel-5.16.3-294.el7_6.1.aarch64.rpm perl-libs-5.16.3-294.el7_6.1.aarch64.rpm perl-macros-5.16.3-294.el7_6.1.aarch64.rpm noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-tests-5.16.3-294.el7_6.1.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-tests-5.16.3-294.el7_6.1.aarch64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4 Je72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD mhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5 eEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs 5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg pgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX UOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw j/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I 95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq A1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ 0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ rPmCgN8s+cI=aYxA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.34

sources: NVD: CVE-2020-12723 // JVNDB: JVNDB-2020-006179 // VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // PACKETSTORM: 161656 // PACKETSTORM: 161726 // PACKETSTORM: 161728 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161843

AFFECTED PRODUCTS

vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.1	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	gte	version:	13.1	Trust: 1.0
vendor:	oracle	model:	communications offline mediation controller	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.4.0.1.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.1	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.4.0.3.1	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	perl	model:	perl	scope:	lt	version:	5.30.3	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.3.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.3.0.2.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	configuration manager	scope:	eq	version:	12.1.2.0.8	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	lte	version:	13.4	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.2.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	the perl	model:	perl	scope:	eq	version:	5.30.3	Trust: 0.8

sources: JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12723
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006179
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202006-146
value:	HIGH
Trust: 0.6
VULHUB:	VHN-165430
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12723
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12723
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-006179
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-165430
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12723
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006179
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // CNNVD: CNNVD-202006-146 // JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.9

sources: VULHUB: VHN-165430 // JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-146

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-146

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006179

PATCH

title:	study_chunk: avoid mutating regexp program within GOSUB	url:	https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a	Trust: 0.8
title:	perl5/pod/perl5303delta.pod	url:	https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod	Trust: 0.8
title:	Segfault in S_study_chunk (regcomp.c:4870) #16947	url:	https://github.com/Perl/perl5/issues/16947	Trust: 0.8
title:	study_chunk recursion #17743	url:	https://github.com/Perl/perl5/issues/17743	Trust: 0.8
title:	Comparing changes	url:	https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3	Trust: 0.8
title:	Perl Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120689	Trust: 0.6
title:	Red Hat: Moderate: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210557 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210343 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=babe2a0596ddd17a5ad75cd3c30c45ff	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1610	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1610	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210607 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=08f19f0be4d5dcf7486e5abcdb671477	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	visualGambasDelta	url:	https://github.com/D5n9sMatrix/visualGambasDelta	Trust: 0.1
title:	perl5283delta	url:	https://github.com/D5n9sMatrix/perl5283delta	Trust: 0.1
title:	editorGambasDelta	url:	https://github.com/D5n9sMatrix/editorGambasDelta	Trust: 0.1
title:	EditorGambasDelta	url:	https://github.com/D5n9sMatrix/EditorGambasDelta	Trust: 0.1
title:	litecoin-automation	url:	https://github.com/gzukel/litecoin-automation	Trust: 0.1
title:	-	url:	https://github.com/D5n9sMatrix/perltoc	Trust: 0.1
title:	snykout	url:	https://github.com/garethr/snykout	Trust: 0.1
title:	myapp-container-jaxrs	url:	https://github.com/akiraabe/myapp-container-jaxrs	Trust: 0.1

sources: VULMON: CVE-2020-12723 // CNNVD: CNNVD-202006-146 // JVNDB: JVNDB-2020-006179

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12723	Trust: 3.2
db:	PACKETSTORM	id:	161728	Trust: 0.8
db:	PACKETSTORM	id:	161656	Trust: 0.8
db:	PACKETSTORM	id:	162245	Trust: 0.8
db:	PACKETSTORM	id:	161843	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006179	Trust: 0.8
db:	PACKETSTORM	id:	162915	Trust: 0.7
db:	PACKETSTORM	id:	159726	Trust: 0.7
db:	PACKETSTORM	id:	162021	Trust: 0.7
db:	PACKETSTORM	id:	159707	Trust: 0.7
db:	PACKETSTORM	id:	162130	Trust: 0.7
db:	PACKETSTORM	id:	161255	Trust: 0.7
db:	CNNVD	id:	CNNVD-202006-146	Trust: 0.7
db:	CS-HELP	id:	SB2021042131	Trust: 0.6
db:	CS-HELP	id:	SB2021060316	Trust: 0.6
db:	PACKETSTORM	id:	158058	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1338	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0791	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2781	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0925	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0371	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1096	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1893	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0572	Trust: 0.6
db:	PACKETSTORM	id:	161437	Trust: 0.2
db:	PACKETSTORM	id:	161726	Trust: 0.2
db:	PACKETSTORM	id:	161727	Trust: 0.1
db:	CNVD	id:	CNVD-2020-37943	Trust: 0.1
db:	VULHUB	id:	VHN-165430	Trust: 0.1
db:	VULMON	id:	CVE-2020-12723	Trust: 0.1

sources: VULHUB: VHN-165430 // VULMON: CVE-2020-12723 // PACKETSTORM: 161656 // PACKETSTORM: 161726 // PACKETSTORM: 161728 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161843 // CNNVD: CNNVD-202006-146 // JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 2.0
url:	https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod	Trust: 1.7
url:	https://github.com/perl/perl5/compare/v5.30.2...v5.30.3	Trust: 1.7
url:	https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200611-0001/	Trust: 1.7
url:	https://security.gentoo.org/glsa/202006-03	Trust: 1.7
url:	https://github.com/perl/perl5/issues/16947	Trust: 1.7
url:	https://github.com/perl/perl5/issues/17743	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12723	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060316	Trust: 0.6
url:	https://support.apple.com/en-us/ht211289	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0371/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2781	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1096	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1893	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042131	Trust: 0.6
url:	https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0925	Trust: 0.6
url:	https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1338	Trust: 0.6
url:	https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0791	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0572	Trust: 0.6
url:	https://vigilance.fr/vulnerability/perl-core-memory-corruption-via-regular-expression-s-study-chunk-32368	Trust: 0.6
url:	https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162915/red-hat-security-advisory-2021-2184-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35678	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20178	Trust: 0.2
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20191	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20253	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20228	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20180	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3121	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20230	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15436	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35513	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0779	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3281	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3281	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0780	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1266	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0557	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0883	Trust: 0.1

sources: VULHUB: VHN-165430 // PACKETSTORM: 161656 // PACKETSTORM: 161726 // PACKETSTORM: 161728 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161843 // CNNVD: CNNVD-202006-146 // JVNDB: JVNDB-2020-006179 // NVD: CVE-2020-12723

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 161656 // PACKETSTORM: 161726 // PACKETSTORM: 161728 // PACKETSTORM: 162245 // PACKETSTORM: 161437 // PACKETSTORM: 161843 // CNNVD: CNNVD-202006-146

SOURCES

db:	VULHUB	id:	VHN-165430
db:	VULMON	id:	CVE-2020-12723
db:	PACKETSTORM	id:	161656
db:	PACKETSTORM	id:	161726
db:	PACKETSTORM	id:	161728
db:	PACKETSTORM	id:	162245
db:	PACKETSTORM	id:	161437
db:	PACKETSTORM	id:	161843
db:	CNNVD	id:	CNNVD-202006-146
db:	JVNDB	id:	JVNDB-2020-006179
db:	NVD	id:	CVE-2020-12723

LAST UPDATE DATE

2025-11-28T01:07:05.123000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165430	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2020-12723	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202006-146	date:	2022-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-006179	date:	2020-07-02T00:00:00
db:	NVD	id:	CVE-2020-12723	date:	2024-11-21T05:00:08.870

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165430	date:	2020-06-05T00:00:00
db:	VULMON	id:	CVE-2020-12723	date:	2020-06-05T00:00:00
db:	PACKETSTORM	id:	161656	date:	2021-03-04T15:33:19
db:	PACKETSTORM	id:	161726	date:	2021-03-09T16:23:27
db:	PACKETSTORM	id:	161728	date:	2021-03-09T16:26:05
db:	PACKETSTORM	id:	162245	date:	2021-04-20T16:17:10
db:	PACKETSTORM	id:	161437	date:	2021-02-16T15:46:29
db:	PACKETSTORM	id:	161843	date:	2021-03-17T14:36:02
db:	CNNVD	id:	CNNVD-202006-146	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-006179	date:	2020-07-02T00:00:00
db:	NVD	id:	CVE-2020-12723	date:	2020-06-05T15:15:10.800