Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-12837 (GCVE-0-2017-12837)
Vulnerability from cvelistv5 – Published: 2017-09-19 18:00 – Updated: 2024-08-05 18:51
VLAI?
EPSS
Summary
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2017-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3982",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"name": "100860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100860"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3982",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"name": "100860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100860"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3982",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"name": "100860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100860"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131582",
"refsource": "CONFIRM",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"name": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12837",
"datePublished": "2017-09-19T18:00:00.000Z",
"dateReserved": "2017-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:06.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-12837",
"date": "2026-04-20",
"epss": "0.03165",
"percentile": "0.8695"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.24.2\", \"matchCriteriaId\": \"DB276E2C-622C-45EB-8378-35751366049F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B71CAECA-2A6A-4604-863F-3C1C055FB1CE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\\\N{}\u0027 escape and the case-insensitive modifier.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la regi\\u00f3n heap de la memoria en la funci\\u00f3n S_regatom en el archivo regcomp.c en Perl 5 anterior a versi\\u00f3n 5.24.3-RC1 y versi\\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (escritura fuera de l\\u00edmites) por medio de una expresi\\u00f3n regular con un escape \u0027\\\\N{}\u0027 y el modificador que no distingue entre may\\u00fasculas y min\\u00fasculas.\"}]",
"id": "CVE-2017-12837",
"lastModified": "2024-11-21T03:10:16.643",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-09-19T18:29:00.167",
"references": "[{\"url\": \"http://www.debian.org/security/2017/dsa-3982\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/100860\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1492091\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://rt.perl.org/Public/Bug/Display.html?id=131582\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180426-0001/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2017/dsa-3982\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/100860\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1492091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://rt.perl.org/Public/Bug/Display.html?id=131582\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180426-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-12837\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-19T18:29:00.167\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\\\N{}\u0027 escape and the case-insensitive modifier.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n S_regatom en el archivo regcomp.c en Perl 5 anterior a versi\u00f3n 5.24.3-RC1 y versi\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) por medio de una expresi\u00f3n regular con un escape \u0027\\\\N{}\u0027 y el modificador que no distingue entre may\u00fasculas y min\u00fasculas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.24.2\",\"matchCriteriaId\":\"DB276E2C-622C-45EB-8378-35751366049F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71CAECA-2A6A-4604-863F-3C1C055FB1CE\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3982\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/100860\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1492091\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://rt.perl.org/Public/Bug/Display.html?id=131582\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180426-0001/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/100860\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1492091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://rt.perl.org/Public/Bug/Display.html?id=131582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180426-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2017-34591
Vulnerability from cnvd - Published: 2017-11-20
VLAI Severity ?
Title
PERL regular expression编译器堆缓冲区溢出漏洞
Description
PERL是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。regular expression compiler是其中的一个正则表达式编译器。
PERL 5.24.3-RC1之前的版本和5.26.1-RC1之前的5.26.x版本中的regular expression编译器存在堆缓冲区溢出漏洞。远程攻击者可借助特制的正则表达式利用该漏洞造成拒绝服务(崩溃)。
Severity
中
Patch Name
PERL regular expression编译器堆缓冲区溢出漏洞的补丁
Patch Description
PERL是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。regular expression compiler是其中的一个正则表达式编译器。
PERL 5.24.3-RC1之前的版本和5.26.1-RC1之前的5.26.x版本中的regular expression编译器存在堆缓冲区溢出漏洞。远程攻击者可借助特制的正则表达式利用该漏洞造成拒绝服务(崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-12837
Impacted products
| Name | ['Perl Perl <5.24.3-RC1', 'Perl Perl 5.26.*,<5.26.1-RC1'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "100860"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-12837"
}
},
"description": "PERL\u662f\u7f8e\u56fd\u7a0b\u5e8f\u5458\u62c9\u91cc-\u6c83\u5c14\uff08Larry Wall\uff09\u6240\u7814\u53d1\u7684\u4e00\u79cd\u514d\u8d39\u4e14\u529f\u80fd\u5f3a\u5927\u7684\u8de8\u5e73\u53f0\u7f16\u7a0b\u8bed\u8a00\u3002regular expression compiler\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6b63\u5219\u8868\u8fbe\u5f0f\u7f16\u8bd1\u5668\u3002\r\n\r\nPERL 5.24.3-RC1\u4e4b\u524d\u7684\u7248\u672c\u548c5.26.1-RC1\u4e4b\u524d\u76845.26.x\u7248\u672c\u4e2d\u7684regular expression\u7f16\u8bd1\u5668\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
"discovererName": "Karl Williamson",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-34591",
"openTime": "2017-11-20",
"patchDescription": "PERL\u662f\u7f8e\u56fd\u7a0b\u5e8f\u5458\u62c9\u91cc-\u6c83\u5c14\uff08Larry Wall\uff09\u6240\u7814\u53d1\u7684\u4e00\u79cd\u514d\u8d39\u4e14\u529f\u80fd\u5f3a\u5927\u7684\u8de8\u5e73\u53f0\u7f16\u7a0b\u8bed\u8a00\u3002regular expression compiler\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6b63\u5219\u8868\u8fbe\u5f0f\u7f16\u8bd1\u5668\u3002\r\n\r\nPERL 5.24.3-RC1\u4e4b\u524d\u7684\u7248\u672c\u548c5.26.1-RC1\u4e4b\u524d\u76845.26.x\u7248\u672c\u4e2d\u7684regular expression\u7f16\u8bd1\u5668\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "PERL regular expression\u7f16\u8bd1\u5668\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Perl Perl \u003c5.24.3-RC1",
"Perl Perl 5.26.*\uff0c\u003c5.26.1-RC1"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12837",
"serverity": "\u4e2d",
"submitTime": "2017-09-20",
"title": "PERL regular expression\u7f16\u8bd1\u5668\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
GHSA-Q52C-C9HV-JC77
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-04-20 03:45
VLAI?
Details
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2017-12837"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-19T18:29:00Z",
"severity": "HIGH"
},
"details": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier.",
"id": "GHSA-q52c-c9hv-jc77",
"modified": "2025-04-20T03:45:31Z",
"published": "2022-05-13T01:25:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12837"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"type": "WEB",
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
},
{
"type": "WEB",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"type": "WEB",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"type": "WEB",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100860"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2017-12837
Vulnerability from fkie_nvd - Published: 2017-09-19 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F",
"versionEndIncluding": "5.24.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n S_regatom en el archivo regcomp.c en Perl 5 anterior a versi\u00f3n 5.24.3-RC1 y versi\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) por medio de una expresi\u00f3n regular con un escape \u0027\\N{}\u0027 y el modificador que no distingue entre may\u00fasculas y min\u00fasculas."
}
],
"id": "CVE-2017-12837",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-19T18:29:00.167",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100860"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"source": "cve@mitre.org",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2017:3092-1
Vulnerability from csaf_suse - Published: 2017-11-24 15:19 - Updated: 2017-11-24 15:19Summary
Security update for perl
Severity
Moderate
Notes
Title of the patch: Security update for perl
Description of the patch: This update for perl fixes the following issues:
Security issues fixed:
- CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before
5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service
(out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive
modifier. (bnc#1057724)
- CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before
5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information
or cause a denial of service (application crash) via a crafted regular expression with an invalid
'\N{U+...}' escape. (bnc#1057721)
- CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module
before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving
directory-permission loosening logic. (bnc#1047178)
Bug fixes:
- backport set_capture_string changes from upstream (bsc#999735)
- reformat baselibs.conf as source validator workaround
Patchnames: SUSE-CAASP-ALL-2017-1903,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1903,SUSE-SLE-DESKTOP-12-SP2-2017-1903,SUSE-SLE-DESKTOP-12-SP3-2017-1903,SUSE-SLE-RPI-12-SP2-2017-1903,SUSE-SLE-SERVER-12-SP2-2017-1903,SUSE-SLE-SERVER-12-SP3-2017-1903
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for perl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for perl fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before\n 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service\n (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive\n modifier. (bnc#1057724)\n- CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before\n 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information\n or cause a denial of service (application crash) via a crafted regular expression with an invalid\n \u0027\\N{U+...}\u0027 escape. (bnc#1057721)\n- CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module\n before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving\n directory-permission loosening logic. (bnc#1047178)\n\nBug fixes:\n- backport set_capture_string changes from upstream (bsc#999735)\n- reformat baselibs.conf as source validator workaround\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-CAASP-ALL-2017-1903,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1903,SUSE-SLE-DESKTOP-12-SP2-2017-1903,SUSE-SLE-DESKTOP-12-SP3-2017-1903,SUSE-SLE-RPI-12-SP2-2017-1903,SUSE-SLE-SERVER-12-SP2-2017-1903,SUSE-SLE-SERVER-12-SP3-2017-1903",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3092-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3092-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173092-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3092-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-November/003416.html"
},
{
"category": "self",
"summary": "SUSE Bug 1047178",
"url": "https://bugzilla.suse.com/1047178"
},
{
"category": "self",
"summary": "SUSE Bug 1057721",
"url": "https://bugzilla.suse.com/1057721"
},
{
"category": "self",
"summary": "SUSE Bug 1057724",
"url": "https://bugzilla.suse.com/1057724"
},
{
"category": "self",
"summary": "SUSE Bug 999735",
"url": "https://bugzilla.suse.com/999735"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12837 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12883 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6512 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6512/"
}
],
"title": "Security update for perl",
"tracking": {
"current_release_date": "2017-11-24T15:19:55Z",
"generator": {
"date": "2017-11-24T15:19:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3092-1",
"initial_release_date": "2017-11-24T15:19:55Z",
"revision_history": [
{
"date": "2017-11-24T15:19:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "perl-5.18.2-12.3.1.aarch64",
"product": {
"name": "perl-5.18.2-12.3.1.aarch64",
"product_id": "perl-5.18.2-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-base-5.18.2-12.3.1.aarch64",
"product": {
"name": "perl-base-5.18.2-12.3.1.aarch64",
"product_id": "perl-base-5.18.2-12.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-doc-5.18.2-12.3.1.noarch",
"product": {
"name": "perl-doc-5.18.2-12.3.1.noarch",
"product_id": "perl-doc-5.18.2-12.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.18.2-12.3.1.ppc64le",
"product": {
"name": "perl-5.18.2-12.3.1.ppc64le",
"product_id": "perl-5.18.2-12.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-base-5.18.2-12.3.1.ppc64le",
"product": {
"name": "perl-base-5.18.2-12.3.1.ppc64le",
"product_id": "perl-base-5.18.2-12.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.18.2-12.3.1.s390x",
"product": {
"name": "perl-5.18.2-12.3.1.s390x",
"product_id": "perl-5.18.2-12.3.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.18.2-12.3.1.s390x",
"product": {
"name": "perl-32bit-5.18.2-12.3.1.s390x",
"product_id": "perl-32bit-5.18.2-12.3.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-base-5.18.2-12.3.1.s390x",
"product": {
"name": "perl-base-5.18.2-12.3.1.s390x",
"product_id": "perl-base-5.18.2-12.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.18.2-12.3.1.x86_64",
"product": {
"name": "perl-5.18.2-12.3.1.x86_64",
"product_id": "perl-5.18.2-12.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.18.2-12.3.1.x86_64",
"product": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64",
"product_id": "perl-32bit-5.18.2-12.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-base-5.18.2-12.3.1.x86_64",
"product": {
"name": "perl-base-5.18.2-12.3.1.x86_64",
"product_id": "perl-base-5.18.2-12.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-base-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-base-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-base-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-base-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-base-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-base-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-base-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-base-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-base-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-base-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-base-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-base-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-base-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-base-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-base-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-32bit-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64"
},
"product_reference": "perl-base-5.18.2-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le"
},
"product_reference": "perl-base-5.18.2-12.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x"
},
"product_reference": "perl-base-5.18.2-12.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.18.2-12.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64"
},
"product_reference": "perl-base-5.18.2-12.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.18.2-12.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
},
"product_reference": "perl-doc-5.18.2-12.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12837"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12837",
"url": "https://www.suse.com/security/cve/CVE-2017-12837"
},
{
"category": "external",
"summary": "SUSE Bug 1057724 for CVE-2017-12837",
"url": "https://bugzilla.suse.com/1057724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-11-24T15:19:55Z",
"details": "low"
}
],
"title": "CVE-2017-12837"
},
{
"cve": "CVE-2017-12883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12883"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12883",
"url": "https://www.suse.com/security/cve/CVE-2017-12883"
},
{
"category": "external",
"summary": "SUSE Bug 1057721 for CVE-2017-12883",
"url": "https://bugzilla.suse.com/1057721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-11-24T15:19:55Z",
"details": "moderate"
}
],
"title": "CVE-2017-12883"
},
{
"cve": "CVE-2017-6512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6512"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6512",
"url": "https://www.suse.com/security/cve/CVE-2017-6512"
},
{
"category": "external",
"summary": "SUSE Bug 1042218 for CVE-2017-6512",
"url": "https://bugzilla.suse.com/1042218"
},
{
"category": "external",
"summary": "SUSE Bug 1047178 for CVE-2017-6512",
"url": "https://bugzilla.suse.com/1047178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-doc-5.18.2-12.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-32bit-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-base-5.18.2-12.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:perl-doc-5.18.2-12.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-11-24T15:19:55Z",
"details": "moderate"
}
],
"title": "CVE-2017-6512"
}
]
}
OPENSUSE-SU-2024:11158-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
perl-32bit-5.34.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: perl-32bit-5.34.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the perl-32bit-5.34.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11158
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "perl-32bit-5.34.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the perl-32bit-5.34.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11158",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11158-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3962 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5116 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12814 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12837 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12883 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18311 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10543 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10878 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12723 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12723/"
}
],
"title": "perl-32bit-5.34.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11158-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.aarch64",
"product": {
"name": "perl-5.34.0-1.1.aarch64",
"product_id": "perl-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.aarch64",
"product": {
"name": "perl-32bit-5.34.0-1.1.aarch64",
"product_id": "perl-32bit-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.aarch64",
"product": {
"name": "perl-base-5.34.0-1.1.aarch64",
"product_id": "perl-base-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.aarch64",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.aarch64",
"product_id": "perl-base-32bit-5.34.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.aarch64",
"product": {
"name": "perl-doc-5.34.0-1.1.aarch64",
"product_id": "perl-doc-5.34.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-5.34.0-1.1.ppc64le",
"product_id": "perl-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-32bit-5.34.0-1.1.ppc64le",
"product_id": "perl-32bit-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-base-5.34.0-1.1.ppc64le",
"product_id": "perl-base-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.ppc64le",
"product_id": "perl-base-32bit-5.34.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.ppc64le",
"product": {
"name": "perl-doc-5.34.0-1.1.ppc64le",
"product_id": "perl-doc-5.34.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.s390x",
"product": {
"name": "perl-5.34.0-1.1.s390x",
"product_id": "perl-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.s390x",
"product": {
"name": "perl-32bit-5.34.0-1.1.s390x",
"product_id": "perl-32bit-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.s390x",
"product": {
"name": "perl-base-5.34.0-1.1.s390x",
"product_id": "perl-base-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.s390x",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.s390x",
"product_id": "perl-base-32bit-5.34.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.s390x",
"product": {
"name": "perl-doc-5.34.0-1.1.s390x",
"product_id": "perl-doc-5.34.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-5.34.0-1.1.x86_64",
"product": {
"name": "perl-5.34.0-1.1.x86_64",
"product_id": "perl-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-32bit-5.34.0-1.1.x86_64",
"product": {
"name": "perl-32bit-5.34.0-1.1.x86_64",
"product_id": "perl-32bit-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-base-5.34.0-1.1.x86_64",
"product": {
"name": "perl-base-5.34.0-1.1.x86_64",
"product_id": "perl-base-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-base-32bit-5.34.0-1.1.x86_64",
"product": {
"name": "perl-base-32bit-5.34.0-1.1.x86_64",
"product_id": "perl-base-32bit-5.34.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-doc-5.34.0-1.1.x86_64",
"product": {
"name": "perl-doc-5.34.0-1.1.x86_64",
"product_id": "perl-doc-5.34.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64"
},
"product_reference": "perl-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.s390x"
},
"product_reference": "perl-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64"
},
"product_reference": "perl-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64"
},
"product_reference": "perl-32bit-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-32bit-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x"
},
"product_reference": "perl-32bit-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-32bit-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64"
},
"product_reference": "perl-32bit-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64"
},
"product_reference": "perl-base-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-base-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x"
},
"product_reference": "perl-base-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64"
},
"product_reference": "perl-base-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-base-32bit-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64"
},
"product_reference": "perl-base-32bit-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64"
},
"product_reference": "perl-doc-5.34.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le"
},
"product_reference": "perl-doc-5.34.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x"
},
"product_reference": "perl-doc-5.34.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-doc-5.34.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
},
"product_reference": "perl-doc-5.34.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-3962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3962"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3962",
"url": "https://www.suse.com/security/cve/CVE-2005-3962"
},
{
"category": "external",
"summary": "SUSE Bug 136360 for CVE-2005-3962",
"url": "https://bugzilla.suse.com/136360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3962"
},
{
"cve": "CVE-2007-5116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5116"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5116",
"url": "https://www.suse.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "SUSE Bug 332199 for CVE-2007-5116",
"url": "https://bugzilla.suse.com/332199"
},
{
"category": "external",
"summary": "SUSE Bug 372331 for CVE-2007-5116",
"url": "https://bugzilla.suse.com/372331"
},
{
"category": "external",
"summary": "SUSE Bug 915514 for CVE-2007-5116",
"url": "https://bugzilla.suse.com/915514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-5116"
},
{
"cve": "CVE-2017-12814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12814"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12814",
"url": "https://www.suse.com/security/cve/CVE-2017-12814"
},
{
"category": "external",
"summary": "SUSE Bug 1057727 for CVE-2017-12814",
"url": "https://bugzilla.suse.com/1057727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-12814"
},
{
"cve": "CVE-2017-12837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12837"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12837",
"url": "https://www.suse.com/security/cve/CVE-2017-12837"
},
{
"category": "external",
"summary": "SUSE Bug 1057724 for CVE-2017-12837",
"url": "https://bugzilla.suse.com/1057724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-12837"
},
{
"cve": "CVE-2017-12883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12883"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12883",
"url": "https://www.suse.com/security/cve/CVE-2017-12883"
},
{
"category": "external",
"summary": "SUSE Bug 1057721 for CVE-2017-12883",
"url": "https://bugzilla.suse.com/1057721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12883"
},
{
"cve": "CVE-2018-18311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18311"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18311",
"url": "https://www.suse.com/security/cve/CVE-2018-18311"
},
{
"category": "external",
"summary": "SUSE Bug 1114674 for CVE-2018-18311",
"url": "https://bugzilla.suse.com/1114674"
},
{
"category": "external",
"summary": "SUSE Bug 1132018 for CVE-2018-18311",
"url": "https://bugzilla.suse.com/1132018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18311"
},
{
"cve": "CVE-2018-18312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18312"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18312",
"url": "https://www.suse.com/security/cve/CVE-2018-18312"
},
{
"category": "external",
"summary": "SUSE Bug 1114675 for CVE-2018-18312",
"url": "https://bugzilla.suse.com/1114675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18312"
},
{
"cve": "CVE-2020-10543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10543"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10543",
"url": "https://www.suse.com/security/cve/CVE-2020-10543"
},
{
"category": "external",
"summary": "SUSE Bug 1171863 for CVE-2020-10543",
"url": "https://bugzilla.suse.com/1171863"
},
{
"category": "external",
"summary": "SUSE Bug 1225627 for CVE-2020-10543",
"url": "https://bugzilla.suse.com/1225627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10543"
},
{
"cve": "CVE-2020-10878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10878"
}
],
"notes": [
{
"category": "general",
"text": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10878",
"url": "https://www.suse.com/security/cve/CVE-2020-10878"
},
{
"category": "external",
"summary": "SUSE Bug 1171864 for CVE-2020-10878",
"url": "https://bugzilla.suse.com/1171864"
},
{
"category": "external",
"summary": "SUSE Bug 1225627 for CVE-2020-10878",
"url": "https://bugzilla.suse.com/1225627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10878"
},
{
"cve": "CVE-2020-12723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12723"
}
],
"notes": [
{
"category": "general",
"text": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12723",
"url": "https://www.suse.com/security/cve/CVE-2020-12723"
},
{
"category": "external",
"summary": "SUSE Bug 1171866 for CVE-2020-12723",
"url": "https://bugzilla.suse.com/1171866"
},
{
"category": "external",
"summary": "SUSE Bug 1225627 for CVE-2020-12723",
"url": "https://bugzilla.suse.com/1225627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-base-5.34.0-1.1.x86_64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.aarch64",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.ppc64le",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.s390x",
"openSUSE Tumbleweed:perl-doc-5.34.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12723"
}
]
}
RHSA-2026:6206
Vulnerability from csaf_redhat - Published: 2026-03-30 18:30 - Updated: 2026-04-19 19:40Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
perl:
* perl-5.42.2-524.hum1 (aarch64, x86_64)
* perl-Attribute-Handlers-1.03-524.hum1 (noarch)
* perl-AutoLoader-5.74-524.hum1 (noarch)
* perl-AutoSplit-5.74-524.hum1 (noarch)
* perl-B-1.89-524.hum1 (aarch64, x86_64)
* perl-Benchmark-1.27-524.hum1 (noarch)
* perl-Class-Struct-0.68-524.hum1 (noarch)
* perl-Config-Extensions-0.03-524.hum1 (noarch)
* perl-DBM_Filter-0.07-524.hum1 (noarch)
* perl-Devel-Peek-1.36-524.hum1 (aarch64, x86_64)
* perl-Devel-SelfStubber-1.06-524.hum1 (noarch)
* perl-DirHandle-1.05-524.hum1 (noarch)
* perl-Dumpvalue-2.27-524.hum1 (noarch)
* perl-DynaLoader-1.57-524.hum1 (aarch64, x86_64)
* perl-English-1.11-524.hum1 (noarch)
* perl-Errno-1.38-524.hum1 (aarch64, x86_64)
* perl-ExtUtils-Constant-0.25-524.hum1 (noarch)
* perl-ExtUtils-Embed-1.35-524.hum1 (noarch)
* perl-ExtUtils-Miniperl-1.14-524.hum1 (noarch)
* perl-Fcntl-1.20-524.hum1 (aarch64, x86_64)
* perl-File-Basename-2.86-524.hum1 (noarch)
* perl-File-Compare-1.100.800-524.hum1 (noarch)
* perl-File-Copy-2.41-524.hum1 (noarch)
* perl-File-DosGlob-1.12-524.hum1 (aarch64, x86_64)
* perl-File-Find-1.44-524.hum1 (noarch)
* perl-File-stat-1.14-524.hum1 (noarch)
* perl-FileCache-1.10-524.hum1 (noarch)
* perl-FileHandle-2.05-524.hum1 (noarch)
* perl-FindBin-1.54-524.hum1 (noarch)
* perl-GDBM_File-1.24-524.hum1 (aarch64, x86_64)
* perl-Getopt-Std-1.14-524.hum1 (noarch)
* perl-Hash-Util-0.32-524.hum1 (aarch64, x86_64)
* perl-Hash-Util-FieldHash-1.27-524.hum1 (aarch64, x86_64)
* perl-I18N-Collate-1.02-524.hum1 (noarch)
* perl-I18N-LangTags-0.45-524.hum1 (noarch)
* perl-I18N-Langinfo-0.24-524.hum1 (aarch64, x86_64)
* perl-IO-1.55-524.hum1 (aarch64, x86_64)
* perl-IPC-Open3-1.24-524.hum1 (noarch)
* perl-Locale-Maketext-Simple-0.21-524.hum1 (noarch)
* perl-Math-Complex-1.63-524.hum1 (noarch)
* perl-Memoize-1.17-524.hum1 (noarch)
* perl-Module-Loaded-0.08-524.hum1 (noarch)
* perl-NDBM_File-1.18-524.hum1 (aarch64, x86_64)
* perl-NEXT-0.69-524.hum1 (noarch)
* perl-Net-1.04-524.hum1 (noarch)
* perl-ODBM_File-1.20-524.hum1 (aarch64, x86_64)
* perl-Opcode-1.69-524.hum1 (aarch64, x86_64)
* perl-POSIX-2.23-524.hum1 (aarch64, x86_64)
* perl-Pod-Functions-1.14-524.hum1 (noarch)
* perl-Pod-Html-1.35-524.hum1 (noarch)
* perl-Safe-2.47-524.hum1 (noarch)
* perl-Search-Dict-1.08-524.hum1 (noarch)
* perl-SelectSaver-1.02-524.hum1 (noarch)
* perl-SelfLoader-1.28-524.hum1 (noarch)
* perl-Symbol-1.09-524.hum1 (noarch)
* perl-Sys-Hostname-1.25-524.hum1 (aarch64, x86_64)
* perl-Term-Complete-1.403-524.hum1 (noarch)
* perl-Term-ReadLine-1.17-524.hum1 (noarch)
* perl-Test-1.31-524.hum1 (noarch)
* perl-Text-Abbrev-1.02-524.hum1 (noarch)
* perl-Thread-3.06-524.hum1 (noarch)
* perl-Thread-Semaphore-2.13-524.hum1 (noarch)
* perl-Tie-4.6-524.hum1 (noarch)
* perl-Tie-File-1.10-524.hum1 (noarch)
* perl-Tie-Memoize-1.1-524.hum1 (noarch)
* perl-Time-1.04-524.hum1 (noarch)
* perl-Time-Piece-1.3600-524.hum1 (aarch64, x86_64)
* perl-Unicode-UCD-0.81-524.hum1 (noarch)
* perl-User-pwent-1.05-524.hum1 (noarch)
* perl-autouse-1.11-524.hum1 (noarch)
* perl-base-2.27-524.hum1 (noarch)
* perl-blib-1.07-524.hum1 (noarch)
* perl-debugger-1.60-524.hum1 (noarch)
* perl-deprecate-0.04-524.hum1 (noarch)
* perl-devel-5.42.2-524.hum1 (aarch64, x86_64)
* perl-diagnostics-1.40-524.hum1 (noarch)
* perl-doc-5.42.2-524.hum1 (noarch)
* perl-encoding-warnings-0.14-524.hum1 (noarch)
* perl-fields-2.27-524.hum1 (noarch)
* perl-filetest-1.03-524.hum1 (noarch)
* perl-if-0.61.000-524.hum1 (noarch)
* perl-interpreter-5.42.2-524.hum1 (aarch64, x86_64)
* perl-less-0.03-524.hum1 (noarch)
* perl-lib-0.65-524.hum1 (aarch64, x86_64)
* perl-libnetcfg-5.42.2-524.hum1 (noarch)
* perl-libs-5.42.2-524.hum1 (aarch64, x86_64)
* perl-locale-1.13-524.hum1 (noarch)
* perl-macros-5.42.2-524.hum1 (noarch)
* perl-meta-notation-5.42.2-524.hum1 (noarch)
* perl-mro-1.29-524.hum1 (aarch64, x86_64)
* perl-open-1.13-524.hum1 (noarch)
* perl-overload-1.40-524.hum1 (noarch)
* perl-overloading-0.02-524.hum1 (noarch)
* perl-ph-5.42.2-524.hum1 (aarch64, x86_64)
* perl-sigtrap-1.10-524.hum1 (noarch)
* perl-sort-2.06-524.hum1 (noarch)
* perl-subs-1.04-524.hum1 (noarch)
* perl-tests-5.42.2-524.hum1 (aarch64, x86_64)
* perl-utils-5.42.2-524.hum1 (noarch)
* perl-vars-1.05-524.hum1 (noarch)
* perl-vmsish-1.04-524.hum1 (noarch)
* perl-5.42.2-524.hum1.src (source)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
5.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
5.4 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
5.1 ()
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
A heap write buffer overflow was found in perl's S_regatom() function, which is used in the compilation of regular expressions, resulting in the crash of the perl interpreter. An attacker, able to provide a specially crafted regular expression, could cause a denial of service.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
A heap buffer overread was found in perl's grok_bslash_N() function, which is used in the compilation of Unicode nodes in regular expressions, possibly leading to crash or dump of memory segments via the error output. An attacker, able to provide a specially crafted regular expression, could look for sensible information in the error message, or crash perl.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
It was found that the pack() function in the 32-bit version of the perl interpreter was vulnerable to heap buffer overflow via the packing template. An attacker, able to provide a specially crafted template, could use this flaw to crash the interpreter.
4.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
8.2 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
Workaround
To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.
A stack-based buffer overflow vulnerability was found in the S_find_uninit_var() function in sv.c in Perl. This issue may allow an authenticated local attacker to send a specially crafted request to the application, leading to an infinite recursion, exhausting the process' stack space, resulting in a denial of service.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6206
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Stephane Chazelas
Perl
Sawyer X
Perl 5 Porters
GwanYeong Kim
Vingroup
VinCSS
Tarantula Team
ManhND
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nperl:\n * perl-5.42.2-524.hum1 (aarch64, x86_64)\n * perl-Attribute-Handlers-1.03-524.hum1 (noarch)\n * perl-AutoLoader-5.74-524.hum1 (noarch)\n * perl-AutoSplit-5.74-524.hum1 (noarch)\n * perl-B-1.89-524.hum1 (aarch64, x86_64)\n * perl-Benchmark-1.27-524.hum1 (noarch)\n * perl-Class-Struct-0.68-524.hum1 (noarch)\n * perl-Config-Extensions-0.03-524.hum1 (noarch)\n * perl-DBM_Filter-0.07-524.hum1 (noarch)\n * perl-Devel-Peek-1.36-524.hum1 (aarch64, x86_64)\n * perl-Devel-SelfStubber-1.06-524.hum1 (noarch)\n * perl-DirHandle-1.05-524.hum1 (noarch)\n * perl-Dumpvalue-2.27-524.hum1 (noarch)\n * perl-DynaLoader-1.57-524.hum1 (aarch64, x86_64)\n * perl-English-1.11-524.hum1 (noarch)\n * perl-Errno-1.38-524.hum1 (aarch64, x86_64)\n * perl-ExtUtils-Constant-0.25-524.hum1 (noarch)\n * perl-ExtUtils-Embed-1.35-524.hum1 (noarch)\n * perl-ExtUtils-Miniperl-1.14-524.hum1 (noarch)\n * perl-Fcntl-1.20-524.hum1 (aarch64, x86_64)\n * perl-File-Basename-2.86-524.hum1 (noarch)\n * perl-File-Compare-1.100.800-524.hum1 (noarch)\n * perl-File-Copy-2.41-524.hum1 (noarch)\n * perl-File-DosGlob-1.12-524.hum1 (aarch64, x86_64)\n * perl-File-Find-1.44-524.hum1 (noarch)\n * perl-File-stat-1.14-524.hum1 (noarch)\n * perl-FileCache-1.10-524.hum1 (noarch)\n * perl-FileHandle-2.05-524.hum1 (noarch)\n * perl-FindBin-1.54-524.hum1 (noarch)\n * perl-GDBM_File-1.24-524.hum1 (aarch64, x86_64)\n * perl-Getopt-Std-1.14-524.hum1 (noarch)\n * perl-Hash-Util-0.32-524.hum1 (aarch64, x86_64)\n * perl-Hash-Util-FieldHash-1.27-524.hum1 (aarch64, x86_64)\n * perl-I18N-Collate-1.02-524.hum1 (noarch)\n * perl-I18N-LangTags-0.45-524.hum1 (noarch)\n * perl-I18N-Langinfo-0.24-524.hum1 (aarch64, x86_64)\n * perl-IO-1.55-524.hum1 (aarch64, x86_64)\n * perl-IPC-Open3-1.24-524.hum1 (noarch)\n * perl-Locale-Maketext-Simple-0.21-524.hum1 (noarch)\n * perl-Math-Complex-1.63-524.hum1 (noarch)\n * perl-Memoize-1.17-524.hum1 (noarch)\n * perl-Module-Loaded-0.08-524.hum1 (noarch)\n * perl-NDBM_File-1.18-524.hum1 (aarch64, x86_64)\n * perl-NEXT-0.69-524.hum1 (noarch)\n * perl-Net-1.04-524.hum1 (noarch)\n * perl-ODBM_File-1.20-524.hum1 (aarch64, x86_64)\n * perl-Opcode-1.69-524.hum1 (aarch64, x86_64)\n * perl-POSIX-2.23-524.hum1 (aarch64, x86_64)\n * perl-Pod-Functions-1.14-524.hum1 (noarch)\n * perl-Pod-Html-1.35-524.hum1 (noarch)\n * perl-Safe-2.47-524.hum1 (noarch)\n * perl-Search-Dict-1.08-524.hum1 (noarch)\n * perl-SelectSaver-1.02-524.hum1 (noarch)\n * perl-SelfLoader-1.28-524.hum1 (noarch)\n * perl-Symbol-1.09-524.hum1 (noarch)\n * perl-Sys-Hostname-1.25-524.hum1 (aarch64, x86_64)\n * perl-Term-Complete-1.403-524.hum1 (noarch)\n * perl-Term-ReadLine-1.17-524.hum1 (noarch)\n * perl-Test-1.31-524.hum1 (noarch)\n * perl-Text-Abbrev-1.02-524.hum1 (noarch)\n * perl-Thread-3.06-524.hum1 (noarch)\n * perl-Thread-Semaphore-2.13-524.hum1 (noarch)\n * perl-Tie-4.6-524.hum1 (noarch)\n * perl-Tie-File-1.10-524.hum1 (noarch)\n * perl-Tie-Memoize-1.1-524.hum1 (noarch)\n * perl-Time-1.04-524.hum1 (noarch)\n * perl-Time-Piece-1.3600-524.hum1 (aarch64, x86_64)\n * perl-Unicode-UCD-0.81-524.hum1 (noarch)\n * perl-User-pwent-1.05-524.hum1 (noarch)\n * perl-autouse-1.11-524.hum1 (noarch)\n * perl-base-2.27-524.hum1 (noarch)\n * perl-blib-1.07-524.hum1 (noarch)\n * perl-debugger-1.60-524.hum1 (noarch)\n * perl-deprecate-0.04-524.hum1 (noarch)\n * perl-devel-5.42.2-524.hum1 (aarch64, x86_64)\n * perl-diagnostics-1.40-524.hum1 (noarch)\n * perl-doc-5.42.2-524.hum1 (noarch)\n * perl-encoding-warnings-0.14-524.hum1 (noarch)\n * perl-fields-2.27-524.hum1 (noarch)\n * perl-filetest-1.03-524.hum1 (noarch)\n * perl-if-0.61.000-524.hum1 (noarch)\n * perl-interpreter-5.42.2-524.hum1 (aarch64, x86_64)\n * perl-less-0.03-524.hum1 (noarch)\n * perl-lib-0.65-524.hum1 (aarch64, x86_64)\n * perl-libnetcfg-5.42.2-524.hum1 (noarch)\n * perl-libs-5.42.2-524.hum1 (aarch64, x86_64)\n * perl-locale-1.13-524.hum1 (noarch)\n * perl-macros-5.42.2-524.hum1 (noarch)\n * perl-meta-notation-5.42.2-524.hum1 (noarch)\n * perl-mro-1.29-524.hum1 (aarch64, x86_64)\n * perl-open-1.13-524.hum1 (noarch)\n * perl-overload-1.40-524.hum1 (noarch)\n * perl-overloading-0.02-524.hum1 (noarch)\n * perl-ph-5.42.2-524.hum1 (aarch64, x86_64)\n * perl-sigtrap-1.10-524.hum1 (noarch)\n * perl-sort-2.06-524.hum1 (noarch)\n * perl-subs-1.04-524.hum1 (noarch)\n * perl-tests-5.42.2-524.hum1 (aarch64, x86_64)\n * perl-utils-5.42.2-524.hum1 (noarch)\n * perl-vars-1.05-524.hum1 (noarch)\n * perl-vmsish-1.04-524.hum1 (noarch)\n * perl-5.42.2-524.hum1.src (source)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6206",
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-48522",
"url": "https://access.redhat.com/security/cve/CVE-2022-48522"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2020-10543",
"url": "https://access.redhat.com/security/cve/CVE-2020-10543"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2018-6913",
"url": "https://access.redhat.com/security/cve/CVE-2018-6913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-12883",
"url": "https://access.redhat.com/security/cve/CVE-2017-12883"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2017-12837",
"url": "https://access.redhat.com/security/cve/CVE-2017-12837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2016-2381",
"url": "https://access.redhat.com/security/cve/CVE-2016-2381"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2015-8853",
"url": "https://access.redhat.com/security/cve/CVE-2015-8853"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2012-6329",
"url": "https://access.redhat.com/security/cve/CVE-2012-6329"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6206.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-19T19:40:52+00:00",
"generator": {
"date": "2026-04-19T19:40:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:6206",
"initial_release_date": "2026-03-30T18:30:07+00:00",
"revision_history": [
{
"date": "2026-03-30T18:30:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T19:53:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-19T19:40:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-main@aarch64",
"product": {
"name": "perl-main@aarch64",
"product_id": "perl-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl@5.42.2-524.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-main@src",
"product": {
"name": "perl-main@src",
"product_id": "perl-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl@5.42.2-524.hum1?arch=source\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-main@x86_64",
"product": {
"name": "perl-main@x86_64",
"product_id": "perl-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl@5.42.2-524.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "perl-main@noarch",
"product": {
"name": "perl-main@noarch",
"product_id": "perl-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Attribute-Handlers@1.03-524.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:perl-main@aarch64"
},
"product_reference": "perl-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:perl-main@noarch"
},
"product_reference": "perl-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:perl-main@src"
},
"product_reference": "perl-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:perl-main@x86_64"
},
"product_reference": "perl-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6329",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "884354"
}
],
"notes": [
{
"category": "description",
"text": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: possible arbitrary code execution via Locale::Maketext",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-6329"
},
{
"category": "external",
"summary": "RHBZ#884354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6329"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: possible arbitrary code execution via Locale::Maketext"
},
{
"cve": "CVE-2015-8853",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2016-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1329106"
}
],
"notes": [
{
"category": "description",
"text": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: regexp matching hangs indefinitely on illegal UTF-8 input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8853"
},
{
"category": "external",
"summary": "RHBZ#1329106",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8853",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8853"
},
{
"category": "external",
"summary": "https://rt.perl.org/Public/Bug/Display.html?id=123562",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=123562"
}
],
"release_date": "2015-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: regexp matching hangs indefinitely on illegal UTF-8 input"
},
{
"acknowledgments": [
{
"names": [
"Stephane Chazelas"
]
}
],
"cve": "CVE-2016-2381",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-02-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1309214"
}
],
"notes": [
{
"category": "description",
"text": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: ambiguous environment variables handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2381"
},
{
"category": "external",
"summary": "RHBZ#1309214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1309214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2381",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2381"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2381",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2381"
}
],
"release_date": "2016-03-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: ambiguous environment variables handling"
},
{
"acknowledgments": [
{
"names": [
"Sawyer X"
],
"organization": "Perl"
}
],
"cve": "CVE-2017-12837",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492091"
}
],
"notes": [
{
"category": "description",
"text": "A heap write buffer overflow was found in perl\u0027s S_regatom() function, which is used in the compilation of regular expressions, resulting in the crash of the perl interpreter. An attacker, able to provide a specially crafted regular expression, could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: Heap buffer overflow in regular expression compiler",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect perl versions older than 5.18. Perl as shipped in Red Hat Enterprise Linux 7 and older are not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12837"
},
{
"category": "external",
"summary": "RHBZ#1492091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12837"
}
],
"release_date": "2017-09-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "perl: Heap buffer overflow in regular expression compiler"
},
{
"cve": "CVE-2017-12883",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1492093"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overread was found in perl\u0027s grok_bslash_N() function, which is used in the compilation of Unicode nodes in regular expressions, possibly leading to crash or dump of memory segments via the error output. An attacker, able to provide a specially crafted regular expression, could look for sensible information in the error message, or crash perl.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: Buffer over-read in regular expression parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Perl as shipped in Red Hat Enterprise Linux 7 and older have not been found to be vulnerable. This vulnerability was not present in perl versions older than 5.20.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12883"
},
{
"category": "external",
"summary": "RHBZ#1492093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12883"
}
],
"release_date": "2017-09-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: Buffer over-read in regular expression parser"
},
{
"acknowledgments": [
{
"names": [
"Perl 5 Porters"
]
},
{
"names": [
"GwanYeong Kim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-6913",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1547772"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the pack() function in the 32-bit version of the perl interpreter was vulnerable to heap buffer overflow via the packing template. An attacker, able to provide a specially crafted template, could use this flaw to crash the interpreter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap buffer overflow in pp_pack.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The 64-bit versions of perl have not been found to be affected. As a result, this issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 7, and the versions of rh-perl526-perl, rh-perl524-perl and rh-perl520-perl as shipped with Red Hat Software Collections.\n\nThis issue affects the 32bit versions of perl as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue may affect the versions of perl as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6913"
},
{
"category": "external",
"summary": "RHBZ#1547772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6913",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6913"
},
{
"category": "external",
"summary": "https://rt.perl.org/Public/Bug/Display.html?id=131844",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131844"
}
],
"release_date": "2018-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "perl: heap buffer overflow in pp_pack.c"
},
{
"acknowledgments": [
{
"names": [
"VinCSS"
],
"organization": "Vingroup"
},
{
"names": [
"ManhND"
],
"organization": "Tarantula Team"
}
],
"cve": "CVE-2020-10543",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2020-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1837975"
}
],
"notes": [
{
"category": "description",
"text": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap-based buffer overflow in regular expression compiler leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A heap buffer overflow vulnerability exists in the regular expression compiler of Perl packages shipped with Red Hat Enterprise Linux 6, 7, and 8. The flaw occurs in the S_study_chunk() function of regcomp.c due to a signed size_t integer overflow in storage space calculations for nested regular expression quantifiers. When untrusted regular expressions are compiled, this can lead to out-of-bounds memory writes with attacker-controlled data. The vulnerability does not depend on the data being matched, but rather on the regular expression itself. On Red Hat systems, this could result in denial of service or potential code execution when processing malicious regular expressions. Red Hat customers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler, as regular expressions in Perl can contain arbitrary code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10543"
},
{
"category": "external",
"summary": "RHBZ#1837975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837975"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10543"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
},
{
"category": "workaround",
"details": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: heap-based buffer overflow in regular expression compiler leads to DoS"
},
{
"cve": "CVE-2022-48522",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2234416"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in the S_find_uninit_var() function in sv.c in Perl. This issue may allow an authenticated local attacker to send a specially crafted request to the application, leading to an infinite recursion, exhausting the process\u0027 stack space, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: stack-based crash in S_find_uninit_var()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable code was introduced in Perl v5.33.1. Red Hat Enterprise Linux ships Perl v5.32.1 and lower. Our code-base does not contain the vulnerable code, therefore, RHEL is not affected.\n\nWhen attempting to access a hash entry with an undefined variable as the key, an infinite recursion occurs, depleting the stack space and leading to a stack overflow. This behavior is specific to cases where \u0027-w\u0027 (\"use warnings;\") are enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48522"
},
{
"category": "external",
"summary": "RHBZ#2234416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48522",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48522"
},
{
"category": "external",
"summary": "https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6",
"url": "https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6"
},
{
"category": "external",
"summary": "https://github.com/Perl/perl5/issues/19147",
"url": "https://github.com/Perl/perl5/issues/19147"
}
],
"release_date": "2023-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T18:30:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:perl-main@aarch64",
"Red Hat Hardened Images:perl-main@noarch",
"Red Hat Hardened Images:perl-main@src",
"Red Hat Hardened Images:perl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: stack-based crash in S_find_uninit_var()"
}
]
}
GSD-2017-12837
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-12837",
"description": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier.",
"id": "GSD-2017-12837",
"references": [
"https://www.suse.com/security/cve/CVE-2017-12837.html",
"https://www.debian.org/security/2017/dsa-3982",
"https://ubuntu.com/security/CVE-2017-12837",
"https://advisories.mageia.org/CVE-2017-12837.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12837"
],
"details": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier.",
"id": "GSD-2017-12837",
"modified": "2023-12-13T01:21:03.639334Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3982",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"name": "100860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100860"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131582",
"refsource": "CONFIRM",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"name": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.24.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12837"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091"
},
{
"name": "100860",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100860"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131582",
"refsource": "CONFIRM",
"tags": [],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131582"
},
{
"name": "DSA-3982",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-07-15T03:15Z",
"publishedDate": "2017-09-19T18:29Z"
}
}
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…