Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-10543

Disclosure Date: June 05, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.2 High
Impact Score:
4.2
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
High

General Information

Vendors

  • fedoraproject,
  • opensuse,
  • oracle,
  • perl

Products

  • communications billing and revenue management 12.0.0.2.0,
  • communications billing and revenue management 12.0.0.3.0,
  • communications diameter signaling router,
  • communications eagle application processor,
  • communications eagle lnp application processor 10.1,
  • communications eagle lnp application processor 10.2,
  • communications eagle lnp application processor 46.7,
  • communications eagle lnp application processor 46.8,
  • communications eagle lnp application processor 46.9,
  • communications lsms,
  • communications offline mediation controller 12.0.0.3.0,
  • communications performance intelligence center,
  • communications pricing design center 12.0.0.3.0,
  • configuration manager 12.1.2.0.8,
  • enterprise manager base platform 13.4.0.0,
  • fedora 31,
  • leap 15.1,
  • perl,
  • sd-wan edge 8.2,
  • sd-wan edge 9.0,
  • sd-wan edge 9.1,
  • tekelec platform distribution
Technical Analysis