rpm package

suse/perl&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (11)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-12723		—	< 5.18.2-12.23.1	5.18.2-12.23.1	Jun 5, 2020	regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10878		—	< 5.18.2-12.23.1	5.18.2-12.23.1	Jun 5, 2020	Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-10543		—	< 5.18.2-12.23.1	5.18.2-12.23.1	Jun 5, 2020	Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2018-18311		—	< 5.18.2-12.20.1	5.18.2-12.20.1	Dec 7, 2018	Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-12015		—	< 5.18.2-12.14.1	5.18.2-12.14.1	Jun 7, 2018	In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
CVE-2018-6913		—	< 5.18.2-12.14.1	5.18.2-12.14.1	Apr 17, 2018	Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
CVE-2018-6798		—	< 5.18.2-12.14.1	5.18.2-12.14.1	Apr 17, 2018	An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
CVE-2018-6797		—	< 5.18.2-12.14.1	5.18.2-12.14.1	Apr 17, 2018	An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
CVE-2017-12883	Cri	9.1	< 5.18.2-12.3.1	5.18.2-12.3.1	Sep 19, 2017	Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+
CVE-2017-12837	Hig	7.5	< 5.18.2-12.3.1	5.18.2-12.3.1	Sep 19, 2017	Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
CVE-2017-6512	Med	5.9	< 5.18.2-12.3.1	5.18.2-12.3.1	Jun 1, 2017	Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

CVE-2020-12723Jun 5, 2020
affected < 5.18.2-12.23.1fixed 5.18.2-12.23.1
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10878Jun 5, 2020
affected < 5.18.2-12.23.1fixed 5.18.2-12.23.1
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-10543Jun 5, 2020
affected < 5.18.2-12.23.1fixed 5.18.2-12.23.1
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2018-18311Dec 7, 2018
affected < 5.18.2-12.20.1fixed 5.18.2-12.20.1
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-12015Jun 7, 2018
affected < 5.18.2-12.14.1fixed 5.18.2-12.14.1
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
CVE-2018-6913Apr 17, 2018
affected < 5.18.2-12.14.1fixed 5.18.2-12.14.1
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
CVE-2018-6798Apr 17, 2018
affected < 5.18.2-12.14.1fixed 5.18.2-12.14.1
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
CVE-2018-6797Apr 17, 2018
affected < 5.18.2-12.14.1fixed 5.18.2-12.14.1
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
CVE-2017-12883CriSep 19, 2017
affected < 5.18.2-12.3.1fixed 5.18.2-12.3.1
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+
CVE-2017-12837HigSep 19, 2017
affected < 5.18.2-12.3.1fixed 5.18.2-12.3.1
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
CVE-2017-6512MedJun 1, 2017
affected < 5.18.2-12.3.1fixed 5.18.2-12.3.1
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.