Anolis OS update for perl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-12723 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Anolis OS Operating systems & Components / Operating system perl-utils Operating systems & Components / Operating system package or component perl-open Operating systems & Components / Operating system package or component perl-libnetcfg Operating systems & Components / Operating system package or component perl-Test Operating systems & Components / Operating system package or component perl-SelfLoader Operating systems & Components / Operating system package or component perl-Pod-Html Operating systems & Components / Operating system package or component perl-Net-Ping Operating systems & Components / Operating system package or component perl-Module-Loaded Operating systems & Components / Operating system package or component perl-Memoize Operating systems & Components / Operating system package or component perl-Math-Complex Operating systems & Components / Operating system package or component perl-Locale-Maketext-Simple Operating systems & Components / Operating system package or component perl-IO-Zlib Operating systems & Components / Operating system package or component perl-ExtUtils-Miniperl Operating systems & Components / Operating system package or component perl-ExtUtils-Embed Operating systems & Components / Operating system package or component perl-Devel-SelfStubber Operating systems & Components / Operating system package or component perl-Attribute-Handlers Operating systems & Components / Operating system package or component perl-tests Operating systems & Components / Operating system package or component perl-macros Operating systems & Components / Operating system package or component perl-libs Operating systems & Components / Operating system package or component perl-interpreter Operating systems & Components / Operating system package or component perl-devel Operating systems & Components / Operating system package or component perl-Time-Piece Operating systems & Components / Operating system package or component perl-IO Operating systems & Components / Operating system package or component perl-Errno Operating systems & Components / Operating system package or component perl-Devel-Peek Operating systems & Components / Operating system package or component perl Operating systems & Components / Operating system package or component |
| Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU29016
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-12723
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) áttack.
The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls. A remote attacker can use a specially crafted regular expression , trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
perl-utils: before 5.26.3-417
perl-open: before 1.11-417
perl-libnetcfg: before 5.26.3-417
perl-Test: before 1.30-417
perl-SelfLoader: before 1.23-417
perl-Pod-Html: before 1.22.02-417
perl-Net-Ping: before 2.55-417
perl-Module-Loaded: before 0.08-417
perl-Memoize: before 1.03-417
perl-Math-Complex: before 1.59-417
perl-Locale-Maketext-Simple: before 0.21-417
perl-IO-Zlib: before 1.10-417
perl-ExtUtils-Miniperl: before 1.06-417
perl-ExtUtils-Embed: before 1.34-417
perl-Devel-SelfStubber: before 1.06-417
perl-Attribute-Handlers: before 0.99-417
perl-tests: before 5.26.3-417
perl-macros: before 5.26.3-417
perl-libs: before 5.26.3-417
perl-interpreter: before 5.26.3-417
perl-devel: before 5.26.3-417
perl-Time-Piece: before 1.31-417
perl-IO: before 1.38-417
perl-Errno: before 1.28-417
perl-Devel-Peek: before 1.26-417
perl: before 5.26.3-417
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:perl-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-open:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-libnetcfg:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-test:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-selfloader:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-pod-html:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-net-ping:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-module-loaded:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-memoize:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-math-complex:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-locale-maketext-simple:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-io-zlib:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-extutils-miniperl:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-extutils-embed:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-devel-selfstubber:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-attribute-handlers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-tests:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-macros:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-interpreter:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-time-piece:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-io:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-errno:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl-devel-peek:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perl:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2021:0128
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
