perl: Multiple vulnerabilities (CVE-2020-10543, CVE-2020-10878, CVE-2020-12723)
CVE-2020-10543: Buffer overflow caused by a crafted regular expression
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Fixed In Version:
perl 5.30.3, perl 5.28.3
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10543
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Patch:
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
CVE-2020-10878: Integer overflow via malformed bytecode produced by a crafted regular expression
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Fixed In Version:
perl 5.30.3, perl 5.28.3
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10878
- https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod
Patches:
- https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
- https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
CVE-2020-12723: Buffer overflow caused by a crafted regular expression
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Fixed In Version:
perl 5.30.3, perl 5.28.3
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-12723
- https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
Patch:
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
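
Version check (an added example, not part of the original advisory): the shell functions below map an upstream Perl version and pointer size to the CVEs listed above, using only the fixed releases (5.30.3, 5.28.3) and the 32-bit condition stated on this page. The function names are hypothetical. The check compares upstream version numbers only, so a distribution package carrying backported patches can report an older version and still be fixed.

```shell
#!/bin/sh
# Added example (not from the advisory): map an upstream Perl version and
# pointer size to the CVEs listed on this page.
# Fixed releases per the advisory: 5.30.3 and 5.28.3.

# perl_is_fixed VERSION: returns 0 = fixed, 1 = affected, 2 = unparseable
perl_is_fixed() {
    v=${1#v}                              # accept "v5.30.2" as well
    case $v in
        ''|*[!0-9.]*) return 2 ;;         # only digits and dots allowed
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                             # split into major minor patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ne 5 ]; then
        if [ "$major" -gt 5 ]; then return 0; else return 1; fi
    fi
    if [ "$minor" -gt 30 ]; then return 0; fi
    if [ "$minor" -eq 30 ] && [ "$patch" -ge 3 ]; then return 0; fi
    if [ "$minor" -eq 28 ] && [ "$patch" -ge 3 ]; then return 0; fi
    return 1                              # everything else predates a fix
}

# affected_cves VERSION [PTRSIZE]: prints the applicable CVE ids, or nothing
# when the version is fixed. PTRSIZE is 4 on 32-bit builds and 8 on 64-bit;
# if omitted, the 32-bit-only CVE is included to stay conservative.
affected_cves() {
    rc=0
    perl_is_fixed "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "error: cannot parse version '$1'" >&2
        return 2
    fi
    if [ "$rc" -eq 0 ]; then return 0; fi
    # CVE-2020-10543 is described for 32-bit platforms only.
    if [ "${2:-4}" -eq 4 ]; then printf '%s ' CVE-2020-10543; fi
    printf '%s\n' "CVE-2020-10878 CVE-2020-12723"
}

# Usage on a host with perl installed (standard perl one-liners):
#   affected_cves "$(perl -e 'printf "%vd", $^V')" \
#                 "$(perl -MConfig -e 'print $Config{ptrsize}')"
```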