Comment 0 for bug 1918154

Ghada Khalil (gkhalil) wrote :

CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow

CVSSv2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Description:
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/errata/RHSA-2021:0343

Required package version:
perl-5.16.3-299.el7_9.src.rpm

Packages:
perl

Found during March 2021 StarlingX CVE Scan