8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.0%
CentOS Errata and Security Advisory CESA-2021:0343
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-February/086050.html
Affected packages:
perl
perl-CPAN
perl-ExtUtils-CBuilder
perl-ExtUtils-Embed
perl-ExtUtils-Install
perl-IO-Zlib
perl-Locale-Maketext-Simple
perl-Module-CoreList
perl-Module-Loaded
perl-Object-Accessor
perl-Package-Constants
perl-Pod-Escapes
perl-Time-Piece
perl-core
perl-devel
perl-libs
perl-macros
perl-tests
Upstream details at:
https://access.redhat.com/errata/RHSA-2021:0343
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | perl | < 5.16.3-299.el7_9 | perl-5.16.3-299.el7_9.x86_64.rpm |
CentOS | 7 | x86_64 | perl-core | < 5.16.3-299.el7_9 | perl-core-5.16.3-299.el7_9.x86_64.rpm |
CentOS | 7 | noarch | perl-cpan | < 1.9800-299.el7_9 | perl-CPAN-1.9800-299.el7_9.noarch.rpm |
CentOS | 7 | i686 | perl-devel | < 5.16.3-299.el7_9 | perl-devel-5.16.3-299.el7_9.i686.rpm |
CentOS | 7 | x86_64 | perl-devel | < 5.16.3-299.el7_9 | perl-devel-5.16.3-299.el7_9.x86_64.rpm |
CentOS | 7 | noarch | perl-extutils-cbuilder | < 0.28.2.6-299.el7_9 | perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm |
CentOS | 7 | noarch | perl-extutils-embed | < 1.30-299.el7_9 | perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm |
CentOS | 7 | noarch | perl-extutils-install | < 1.58-299.el7_9 | perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm |
CentOS | 7 | noarch | perl-io-zlib | < 1.10-299.el7_9 | perl-IO-Zlib-1.10-299.el7_9.noarch.rpm |
CentOS | 7 | i686 | perl-libs | < 5.16.3-299.el7_9 | perl-libs-5.16.3-299.el7_9.i686.rpm |
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.0%