CNVD-2020-53545 — Vulnetix

CNVD-2020-53545 PUBLISHED

Perl是Perl社区的一款通用、解释型、动态的跨平台编程语言。 Perl 5.30.3之前版本中存在输入验证错误漏洞，该漏洞源于程序未正确处理\"PL_regkind[OP(n)] == NOTHING\" 情况。攻击者可借助特制的正则表达式利用该漏洞注入指令。

Affected Products

Vendor	Product	Versions
	Perl Perl <5.30.3

Exploit Intelligence

TestCommand.yaml (github-poc)

Timeline

Jun 4, 2020 CVE ID Reserved
Sep 23, 2020 CVE Published

References

https://vigilance.fr/vulnerability/Perl-Core-integer-overflow-via-Regular-Expression-Malformed-Bytecode-32366 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›