PT-2020-3691 · Perl+9

Published 2020-06-01 · Updated 2026-03-10 · CVE-2020-10878

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Perl versions prior to 5.30.3

Description

Perl has an integer overflow related to the handling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression can trigger it, potentially leading to malformed bytecode and a possibility of instruction injection. An application written in Perl is only vulnerable if it evaluates regular expressions supplied by an attacker. Evaluating regular expressions in this manner is known to be dangerous, as the regular expression engine does not protect against denial of service attacks in this scenario.

Recommendations

For Perl versions prior to 5.30.3, update to version 5.30.3 or later to resolve the issue. As a temporary workaround, avoid evaluating regular expressions supplied by attackers, or restrict the use of the vulnerable regular expression engine to minimize the risk of exploitation.
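
One way to apply the workaround from the recommendations, as an added example that is not part of the original advisory: the script checks the interpreter against the fixed upstream release and searches for untrusted text as a literal string instead of compiling it as a pattern. The function names `upstream_version_is_affected` and `literal_grep` and the sample data are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Upstream release that carries the fix, per the advisory: 5.30.3.
# $] is the numeric interpreter version (5.30.3 is 5.030003).
# Distribution packages may backport the fix under an older version
# number, so a true result means "check the vendor advisory", not proof.
sub upstream_version_is_affected {
    return $] < 5.030003 ? 1 : 0;
}

# Return the lines that contain $term as literal text, ignoring case.
# \Q...\E (quotemeta) escapes every metacharacter, so the untrusted
# string is never compiled as a pattern of the caller's choosing.
sub literal_grep {
    my ($term, @lines) = @_;
    return grep { /\Q$term\E/i } @lines;
}

# Constructed sample input: the term stands in for attacker-supplied text.
my $term  = '(a+)+$';
my @lines = ('price list', 'literal (A+)+$ in a log line', 'aaaaaaaa');

printf "perl %vd: %s\n", $^V,
    upstream_version_is_affected() ? 'older than 5.30.3' : '5.30.3 or later';

# Only the second line matches, because the term is compared as text.
print "match: $_\n" for literal_grep($term, @lines);
```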

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2020-2905
ALT-PU-2020-3343
ALT-PU-2020-3414
BDU:2020-04040
CESA-2021_0343
CESA-2021_1678
CVE-2020-10878
MGASA-2020-0255
OPENSUSE-SU-2020:0850-1
OPENSUSE-SU-2020_0850-1
OPENSUSE-SU-2024:11158-1
RHSA-2021:0343
RHSA-2021:0883
RHSA-2021:1032
RHSA-2021:1266
RHSA-2021:1678
RHSA-2021:2792
RHSA-2021_0343
RHSA-2021_1678
RHSA-2026:7604
RLSA-2021:1678
SUSE-SU-2020:1662-1
SUSE-SU-2020:1682-1
SUSE-SU-2020:1682-2
SUSE-SU-2020_1662-1
USN-4602-1
USN-4602-2

Affected Products

ALT Linux
CentOS
IBM AIX
Linux Mint
Perl
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu