VDB

ALPINE-CVE-2020-10878

ALPINE-CVE-2020-10878 PUBLISHED CVSS 8.600000381469727 HIGH

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Risk Scores

CVSS v3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products

VendorProductVersions
Alpine:v3.17perl5.18.0-r0, 5.30.2-r0, 5.30.1-r0
Alpine:v3.10perl5.28.2-r1, 5.28.2-r0, 5.28.1-r0
Alpine:v3.23perl5.24.1-r2, 5.30.2-r0, 5.30.1-r0
Alpine:v3.18perl5.26.0-r0, 5.26.1-r0, 5.26.2-r0
Alpine:v3.11perl0, 5.30.1-r0, 5.30.0-r2
Alpine:v3.21perl5.10.1-r2, 5.30.2-r0, 5.30.1-r0
Alpine:v3.19perl5.26.0-r0, 5.10.0-r0, 5.10.0-r1
Alpine:v3.14perl5.24.1-r1, 5.26.0-r0, 5.24.1-r2
Alpine:v3.20perl5.20.0-r0, 5.12.2-r0, 5.12.2-r1
Alpine:v3.16perl5.28.2-r0, 0, 5.10.0-r0
Alpine:v3.12perl5.30.2-r0, 5.10.0-r0, 5.10.1-r0
Alpine:v3.15perl5.30.2-r0, 5.10.0-r0, 5.10.0-r1
Alpine:v3.22perl5.30.2-r0, 5.30.1-r0, 5.30.0-r2
Alpine:v3.9perl5.26.3-r0, 0, 5.10.0-r0
Alpine:v3.13perl5.20.2-r1, 5.22.0-r0, 5.22.1-r0

Timeline

  • Jun 5, 2020 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›