Main Vulnerability Database SB2021070520

SB2021070520 - Anolis OS update for perl

Published: July 5, 2021 Updated: March 28, 2025

Security Bulletin ID SB2021070520

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2020-12723)

The vulnerability allows a remote attacker to perform a denial of service (DoS) áttack.

The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls. A remote attacker can use a specially crafted regular expression , trigger memory corruption and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2021:0128

Vulnerable Software

Anolis OS: 8
perl-utils: before 5.26.3-417
perl-open: before 1.11-417
perl-libnetcfg: before 5.26.3-417
perl-Test: before 1.30-417
perl-SelfLoader: before 1.23-417
perl-Pod-Html: before 1.22.02-417
perl-Net-Ping: before 2.55-417
perl-Module-Loaded: before 0.08-417
perl-Memoize: before 1.03-417
perl-Math-Complex: before 1.59-417
perl-Locale-Maketext-Simple: before 0.21-417
perl-IO-Zlib: before 1.10-417
perl-ExtUtils-Miniperl: before 1.06-417
perl-ExtUtils-Embed: before 1.34-417
perl-Devel-SelfStubber: before 1.06-417
perl-Attribute-Handlers: before 0.99-417
perl-tests: before 5.26.3-417
perl-macros: before 5.26.3-417
perl-libs: before 5.26.3-417
perl-interpreter: before 5.26.3-417
perl-devel: before 5.26.3-417
perl-Time-Piece: before 1.31-417
perl-IO: before 1.38-417
perl-Errno: before 1.28-417
perl-Devel-Peek: before 1.26-417
perl: before 5.26.3-417