PT-2020-3692 · Perl+8

Published: 2020-06-01 · Updated: 2026-03-10 · CVE-2020-12723

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Perl versions prior to 5.30.3

Description

The issue is a buffer overflow in regcomp.c caused by recursive S_study_chunk calls when a crafted regular expression is evaluated. This can lead to a denial of service. An application written in Perl is only vulnerable if it evaluates regular expressions supplied by an attacker, which is a known dangerous practice since the regular expression engine does not protect against such attacks.

Recommendations

For versions prior to 5.30.3, update to version 5.30.3 or later to resolve the issue. As a temporary workaround, avoid evaluating regular expressions supplied by attackers. Restricting the use of crafted regular expressions can also help mitigate the risk until a patch is applied.
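One way to apply the workaround, shown as an added example that is not part of the original advisory or of Perl itself: untrusted search input is either matched as a plain string or translated from a restricted wildcard syntax, so the regex compiler never receives user-controlled regex syntax. The helper names, the 256-character limit and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical limit on untrusted pattern length (assumption, tune per application).
my $MAX_LEN = 256;

# Literal substring search: index() never invokes the regex compiler.
sub contains_literal {
    my ($haystack, $needle) = @_;
    return index($haystack, $needle) >= 0 ? 1 : 0;
}

# Translate a restricted wildcard syntax into a regex. Only '*' and '?' are
# treated as operators; every other character is escaped with quotemeta, so
# the compiled pattern contains nothing but escaped literals, '.' and '.*'.
sub wildcard_to_regex {
    my ($input) = @_;
    die "pattern too long\n" if length($input) > $MAX_LEN;
    $input =~ s/\*+/*/g;    # collapse runs of '*' to limit backtracking
    my $re = join '', map {
          $_ eq '*' ? '.*'
        : $_ eq '?' ? '.'
        :             quotemeta($_)
    } split //, $input;
    return qr/\A$re\z/s;
}

# Constructed sample inputs: the user-supplied strings are never compiled as-is.
my @files = ('report-2020.txt', 'report-(a|b)*.txt', 'notes.md');

my $rx = wildcard_to_regex('report-*.txt');
print "wildcard match: $_\n" for grep { $_ =~ $rx } @files;

# Regex metacharacters in the input are matched literally.
my $needle = '(a|b)*';
print "literal match:  $_\n" for grep { contains_literal($_, $needle) } @files;

# The same input through the translator: '(', '|' and ')' are escaped and
# only '*' keeps a wildcard meaning.
my $rx2 = wildcard_to_regex('report-(a|b)*');
print "escaped match:  $_\n" for grep { $_ =~ $rx2 } @files;
```

Where an application already interpolates untrusted text into a pattern, wrapping the variable in `\Q...\E` has the same escaping effect as quotemeta.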

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2905
ALT-PU-2020-3343
ALT-PU-2020-3414
BDU:2020-04041
CESA-2021_0343
CESA-2021_0557
CVE-2020-12723
MGASA-2020-0255
OPENSUSE-SU-2020:0850-1
OPENSUSE-SU-2020_0850-1
OPENSUSE-SU-2024:11158-1
RHSA-2021:0343
RHSA-2021:0557
RHSA-2021:0883
RHSA-2021:1032
RHSA-2021:1266
RHSA-2021:2184
RHSA-2021_0343
RHSA-2021_0557
RHSA-2026:7604
SUSE-SU-2020:1662-1
SUSE-SU-2020:1682-1
SUSE-SU-2020:1682-2
SUSE-SU-2020_1662-1
USN-4602-1
USN-4602-2

Affected Products

ALT Linux
CentOS
IBM AIX
Linux Mint
Perl
Red Hat
RED OS
SUSE
Ubuntu