Bugzilla – Bug 1171863
VUL-0: CVE-2020-10543: perl: heap buffer overflow in regular expression compiler which overwrites memory allocated with attacker's data
Last modified: 2024-07-25 16:17:24 UTC
Created attachment 837958
patch-v528

through pre-notification list

We intend to publicly announce these vulnerabilities in two weeks' time on 1 June 2020. If there are compelling reasons to extend this embargo period further or you need additional information about the vulnerabilities, let me know.

Hugo experimented with backporting these patches all the way to Perl version 5.8 and noticed that the backports to some earlier versions are tricky. He recommends that you contact him for assistance if you plan to backport the fixes to Perl version 5.22 or earlier. Hugo's email address is hv@crypt.org.

CVE-2020-10543
Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup)
Fixed by: John Lightsey
Versions affected: 5.005 to 5.30.2

This is a heap buffer overflow in Perl's regular expression compiler that overwrites memory allocated after the regular expression storage space with attacker-supplied data. The heap overflow occurs due to a signed size_t integer overflow in the storage space calculations for nested regular expression quantifiers.

An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.

Additionally, the target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64-bit systems.

Patches for the supported Perl versions are attached to this email.
5.30: v530-0001-CVE-2020-10543.patch
5.28: v528-0001-CVE-2020-10543.patch
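The bug class described in the notification above, as an added example that is not part of the original report and is not Perl's code: a size calculation for nested quantifiers that wraps in a 32-bit type, next to a version that rejects the pattern before the product can exceed a limit. The function names, the multiplication model and the use of `uint32_t` to stand in for a 32-bit size type are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption, not Perl's regcomp.c): a body of `body_nodes`
 * storage units wrapped in nested quantifiers that each repeat their operand
 * counts[i] times needs body_nodes * counts[0] * ... * counts[n-1] units. */

/* Unchecked: the running product silently wraps modulo 2^32, so the
 * reported size can be far smaller than what the expansion really needs. */
uint32_t expanded_size_unchecked(uint32_t body_nodes,
                                 const uint32_t *counts, size_t n)
{
    uint32_t total = body_nodes;
    for (size_t i = 0; i < n; i++)
        total *= counts[i];
    return total;
}

/* Checked: test each multiplication by division first and refuse the
 * pattern as soon as the product would exceed `limit`. */
bool expanded_size_checked(uint32_t body_nodes, const uint32_t *counts,
                           size_t n, uint32_t limit, uint32_t *out)
{
    uint32_t total = body_nodes;
    if (total > limit)
        return false;
    for (size_t i = 0; i < n; i++) {
        if (counts[i] != 0 && total > limit / counts[i])
            return false;              /* total * counts[i] > limit */
        total *= counts[i];
    }
    *out = total;
    return true;
}

int main(void)
{
    const uint32_t counts[] = {65536u, 65537u};   /* constructed sample */
    uint32_t out = 0;
    /* True size is 3 * 65536 * 65537 = 12885098496, which needs 34 bits. */
    printf("unchecked: %u units\n",
           (unsigned)expanded_size_unchecked(3, counts, 2));
    printf("checked:   %s\n",
           expanded_size_checked(3, counts, 2, INT32_MAX, &out)
               ? "accepted" : "rejected");
    return 0;
}
```

A buffer sized from the unchecked result would be allocated for 196608 units while the expansion writes far more, which is the shape of overflow the report describes.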
Created attachment 837959
patch v530
SUSE-SU-2020:1662-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1102840,1160039,1170601,1171863,1171864,1171866
CVE References: CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): perl-5.18.2-12.23.1
SUSE OpenStack Cloud 8 (src): perl-5.18.2-12.23.1
SUSE OpenStack Cloud 7 (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server 12-SP5 (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server 12-SP4 (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): perl-5.18.2-12.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): perl-5.18.2-12.23.1
SUSE Enterprise Storage 5 (src): perl-5.18.2-12.23.1
HPE Helion Openstack 8 (src): perl-5.18.2-12.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1682-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1171863,1171864,1171866,1172348
CVE References: CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise Server 15-LTSS (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): perl-5.26.1-7.12.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): perl-5.26.1-7.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0850-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1171863,1171864,1171866,1172348
CVE References: CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
Sources used:
openSUSE Leap 15.1 (src): perl-5.26.1-lp151.9.6.1
SUSE-SU-2020:1682-2: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1171863,1171864,1171866,1172348
CVE References: CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): perl-5.26.1-7.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.