Skip to content

perl: CVE-2020-10878

Moderate
Z5T1 published GHSA-rmc7-m48r-q8q5 Jun 7, 2020

Package

perl

Affected versions

<= 0.1.1

Patched versions

>= 0.1.2

Description

Impact

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Patches

Fixed upstream in Perl 5.30.3

References

https://metacpan.org/pod/perldelta
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878

Severity

Moderate

CVE ID

CVE-2020-10878

Weaknesses

No CWEs