VAR-202006-1838
Vulnerability from variot - Updated: 2026-03-09 20:40Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 7.7) - ppc64, ppc64le, s390x, x86_64
-
8.2) - aarch64, noarch, ppc64le, s390x, x86_64
Bug Fix(es):
-
[perl-net-ping] wrong return value on failing DNS name lookup (BZ#1973177)
-
Improved analytics collection to collect the playbook status for all hosts in a playbook run
-
========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)
Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)
Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3
Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11
In general, a standard system update will make all the necessary changes. Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of Django to address CVE-2021-3281.
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
- Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
- Fixed several issues related to how Tower rotates its log files.
- Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
- Fixed a bug which can cause unanticipated delays in certain playbook output.
- Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
- Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
- Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
- Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
-
perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
-
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
-
perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"_id": null,
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.1.0"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"_id": null,
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.3.1"
},
{
"_id": null,
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"_id": null,
"model": "perl",
"scope": "lt",
"trust": 1.0,
"vendor": "perl",
"version": "5.30.3"
},
{
"_id": null,
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.7"
},
{
"_id": null,
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.9"
},
{
"_id": null,
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.0.0"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"_id": null,
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.2.1"
},
{
"_id": null,
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"_id": null,
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"_id": null,
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.8"
},
{
"_id": null,
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.8"
},
{
"_id": null,
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.2.0"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "161255"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10543",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10543",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-163032",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10543",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10543",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163032",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10543",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"description": {
"_id": null,
"data": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* [perl-net-ping] wrong return value on failing DNS name lookup\n(BZ#1973177)\n\n4. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. =========================================================================\nUbuntu Security Notice USN-4602-2\nOctober 27, 2020\n\nperl vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nUSN-4602-1 fixed several vulnerabilities in Perl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\n\nOriginal advisory details:\n\n ManhND discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-10543)\n\n Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\n handled certain regular expressions. In environments where untrusted\n regular expressions are evaluated, a remote attacker could possibly use\n this issue to cause Perl to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2020-10878)\n\n Sergey Aleynikov discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n perl 5.18.2-2ubuntu1.7+esm3\n\nUbuntu 12.04 ESM:\n perl 5.14.2-6ubuntu2.11\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. \n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:0343-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0343\nIssue date: 2021-02-02\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nppc64:\nperl-5.16.3-299.el7_9.ppc64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm\nperl-core-5.16.3-299.el7_9.ppc64.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-devel-5.16.3-299.el7_9.ppc.rpm\nperl-devel-5.16.3-299.el7_9.ppc64.rpm\nperl-libs-5.16.3-299.el7_9.ppc.rpm\nperl-libs-5.16.3-299.el7_9.ppc64.rpm\nperl-macros-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-5.16.3-299.el7_9.ppc64le.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm\nperl-core-5.16.3-299.el7_9.ppc64le.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-devel-5.16.3-299.el7_9.ppc64le.rpm\nperl-libs-5.16.3-299.el7_9.ppc64le.rpm\nperl-macros-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-5.16.3-299.el7_9.s390x.rpm\nperl-Time-Piece-1.20.1-299.el7_9.s390x.rpm\nperl-core-5.16.3-299.el7_9.s390x.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-devel-5.16.3-299.el7_9.s390.rpm\nperl-devel-5.16.3-299.el7_9.s390x.rpm\nperl-libs-5.16.3-299.el7_9.s390.rpm\nperl-libs-5.16.3-299.el7_9.s390x.rpm\nperl-macros-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-tests-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-tests-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-tests-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k\n54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2\nqwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm\nAwac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp\n42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K\nRerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm\nAKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S\naoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf\n/LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ\nIp3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73\nN83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S\nHB63T1smQXA=Oj1P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10543"
},
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "159726"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10543",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "159726",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162021",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159707",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161728",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161726",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161255",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158058",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161656",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162245",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161843",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-37944",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163032",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10543",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163586",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "159726"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"id": "VAR-202006-1838",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:40:36.276000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Moderate: perl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210343 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1610",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1610"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210607 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "visualGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/visualGambasDelta "
},
{
"title": "perl5283delta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/perl5283delta "
},
{
"title": "editorGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/editorGambasDelta "
},
{
"title": "EditorGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/EditorGambasDelta "
},
{
"title": "CICD_CloudBuild_01",
"trust": 0.1,
"url": "https://github.com/pbavinck/CICD_CloudBuild_01 "
},
{
"title": "gcr-kritis-signer",
"trust": 0.1,
"url": "https://github.com/binxio/gcr-kritis-signer "
},
{
"title": "gcp-kritis-signer",
"trust": 0.1,
"url": "https://github.com/binxio/gcp-kritis-signer "
},
{
"title": "litecoin-automation",
"trust": 0.1,
"url": "https://github.com/gzukel/litecoin-automation "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/perltoc "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
},
{
"title": "snykout",
"trust": 0.1,
"url": "https://github.com/garethr/snykout "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10543"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202006-03"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.3,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4602-1"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2792"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0779"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4602-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0780"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0343"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "159726"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163032",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10543",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162021",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163586",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161726",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159726",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161727",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161728",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161255",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159707",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10543",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-163032",
"ident": null
},
{
"date": "2020-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10543",
"ident": null
},
{
"date": "2021-03-30T14:26:55",
"db": "PACKETSTORM",
"id": "162021",
"ident": null
},
{
"date": "2021-07-21T16:03:08",
"db": "PACKETSTORM",
"id": "163586",
"ident": null
},
{
"date": "2021-03-09T16:23:27",
"db": "PACKETSTORM",
"id": "161726",
"ident": null
},
{
"date": "2020-10-27T16:58:55",
"db": "PACKETSTORM",
"id": "159726",
"ident": null
},
{
"date": "2021-03-09T16:25:11",
"db": "PACKETSTORM",
"id": "161727",
"ident": null
},
{
"date": "2021-03-09T16:26:05",
"db": "PACKETSTORM",
"id": "161728",
"ident": null
},
{
"date": "2021-02-02T16:12:23",
"db": "PACKETSTORM",
"id": "161255",
"ident": null
},
{
"date": "2020-10-26T16:43:39",
"db": "PACKETSTORM",
"id": "159707",
"ident": null
},
{
"date": "2020-06-05T14:15:10.467000",
"db": "NVD",
"id": "CVE-2020-10543",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-163032",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10543",
"ident": null
},
{
"date": "2024-11-21T04:55:32.927000",
"db": "NVD",
"id": "CVE-2020-10543",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159726"
},
{
"db": "PACKETSTORM",
"id": "159707"
}
],
"trust": 0.2
},
"title": {
"_id": null,
"data": "Red Hat Security Advisory 2021-1032-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "162021"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "161255"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.