SB2020061835 - Buffer overflow in perl (Alpine package)
Published: June 18, 2020
Security Bulletin ID
SB2020061835
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2020-12723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) áttack.
The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls. A remote attacker can use a specially crafted regular expression , trigger memory corruption and cause a denial of service condition on the target system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2347c5642490c5f7dc79c2205fff672b7bf5a3f6
- https://git.alpinelinux.org/aports/commit/?id=2db22e01ffdcff6cb673b0f5660cb911cff79bc1
- https://git.alpinelinux.org/aports/commit/?id=d5907c68b2341579983e3fc9a25ac4b67162c994
- https://git.alpinelinux.org/aports/commit/?id=f4e478f351ceedb178ec76b3b5ba2b2defdf99c8
- https://git.alpinelinux.org/aports/commit/?id=0bae63fd8d47db4b5bf4e1407c139f804fa62f4f