{"id":"CVE-2020-10878","details":"Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.","modified":"2026-05-16T03:55:02.895874430Z","published":"2020-06-05T14:15:10.527Z","related":["SUSE-SU-2020:1662-1","SUSE-SU-2020:1682-1","SUSE-SU-2020:1682-2","openSUSE-SU-2020:0850-1","openSUSE-SU-2024:11158-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"31"}],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"15.1"}],"source":"CPE_FIELD","vendor_product":"opensuse:leap"},{"cpes":["cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.0.0.2.0"},{"last_affected":"12.0.0.3.0"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_billing_and_revenue_management"},{"cpes":["cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.0.0"},{"last_affected":"8.5.0"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_diameter_signaling_router"},{"cpes":["cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"16.1.0"},{"last_affected":"16.4.0"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_eagle_application_processor"},{"cpes":["cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.1"},{"last_affected":"10.2"},{"last_affected":"46.7"},{"last_affected":"46.8"},{"last_affected":"46.9"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_eagle_lnp_application_processor"},{"cpes":["cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"13.1"},{"last_affected":"13.4"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_lsms"},{"cpes":["cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.0.0.3.0"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_offline_mediation_controller"},{"cpes":["cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"10.3.0.0.0"},{"last_affected":"10.3.0.2.1"},{"introduced":"10.4.0.1.0"},{"last_affected":"10.4.0.3.1"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_performance_intelligence_center"},{"cpes":["cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.0.0.3.0"}],"source":"CPE_FIELD","vendor_product":"oracle:communications_pricing_design_center"},{"cpes":["cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.1.2.0.8"}],"source":"CPE_FIELD","vendor_product":"oracle:configuration_manager"},{"cpes":["cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"13.4.0.0"}],"source":"CPE_FIELD","vendor_product":"oracle:enterprise_manager_base_platform"},{"cpes":["cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.2"},{"last_affected":"9.0"},{"last_affected":"9.1"}],"source":"CPE_FIELD","vendor_product":"oracle:sd-wan_aware"},{"cpes":["cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.4.0"},{"last_affected":"7.7.1"}],"source":"CPE_FIELD","vendor_product":"oracle:tekelec_platform_distribution"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"},{"type":"ADVISORY","url":"https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202006-03"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200611-0001/"},{"type":"FIX","url":"https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"},{"type":"FIX","url":"https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"},{"type":"FIX","url":"https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}]}