CVE-2020-10543

2020-06-0100:00:00

ubuntu.com

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow
because nested regular expression quantifiers have an integer overflow.
An application written in Perl would only be vulnerable to this flaw if
it evaluates regular expressions supplied by the attacker. Evaluating
regular expressions in this fashion is known to be dangerous since the
regular expression engine does not protect against denial of service
attacks in this usage scenario.
Additionally, the target system needs a sufficient amount of memory to
allocate partial expansions of the nested quantifiers prior to the
overflow occurring. This requirement is unlikely to be met on 64bit
systems.]

Bugs

<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005>

Notes

Author	Note
alexmurray	Affects 5.005 to 5.30.2

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchperl< 5.26.1-6ubuntu0.5UNKNOWN
ubuntu20.04noarchperl< 5.30.0-9ubuntu0.2UNKNOWN
ubuntu14.04noarchperl< 5.18.2-2ubuntu1.7+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchperl< 5.22.1-9ubuntu0.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	perl	< 5.26.1-6ubuntu0.5	UNKNOWN
ubuntu	20.04	noarch	perl	< 5.30.0-9ubuntu0.2	UNKNOWN
ubuntu	14.04	noarch	perl	< 5.18.2-2ubuntu1.7+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN
ubuntu	16.04	noarch	perl	< 5.22.1-9ubuntu0.9	UNKNOWN