Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
[
{
"signature_type": "Line",
"target": {
"file": "regcomp.c"
},
"deprecated": false,
"source": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8",
"digest": {
"threshold": 0.9,
"line_hashes": [
"208104537241862015831634570263967234427",
"109591170869883114777358144374189721285",
"42157035885487481933578822453596385796",
"237969083252350185014251097330798889379",
"45097971996926810749490705492650370133",
"230966189757621904955279591980719521506",
"88705216833813009544652802488462210001",
"56173345468256524049152942639616975726",
"300773050691948700241669343172250730207",
"121820201678158919733163831528671585272",
"310588222029912181777022496131260583560",
"281244469944256167855163107970183219175",
"254830404964833400002945178185556661331",
"223580085282543282527595686443513234487",
"327152608380150713768016125315165903436",
"139906220994111558633442498771552722674",
"336094069936405312381050738761245432689",
"127430501669018389257824546445626650970",
"219367538197480082652513924286798074336",
"298568298838796895977971181804043196548",
"162798474371039859738863733184015458404",
"147763636824437493179178872939034505123",
"120366056670382842213562300168405503265",
"98292714333485444554882717394695247440",
"280476054667861016036867082192224374617",
"270702158668501381413521551564839322307",
"154834673169728590277918734626009749031",
"282795605729960764972949036122775751497",
"48736620628819294166149503231881451329",
"219206564171465552255387231819258155000",
"28891289692587006929580919957390536796"
]
},
"id": "CVE-2020-10878-46330eb7",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "S_study_chunk",
"file": "regcomp.c"
},
"deprecated": false,
"source": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8",
"digest": {
"function_hash": "8524261638944156246531292791513314139",
"length": 39571.0
},
"id": "CVE-2020-10878-a23aab87",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "proto.h"
},
"deprecated": false,
"source": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8",
"digest": {
"threshold": 0.9,
"line_hashes": [
"266707645065597100250598232329532688965",
"318833503918020161080704189708195538048",
"300315180498650684150983846777006318956",
"94467647870240928604985091390006031359"
]
},
"id": "CVE-2020-10878-a3007ae4",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "regcomp.c"
},
"deprecated": false,
"source": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"3840977799240975092823894552098954302",
"15398398186972486692698487670236188008",
"317332006618180849538479490202505779090",
"211605267963493101098760161537409340653"
]
},
"id": "CVE-2020-10878-a4469696",
"signature_version": "v1"
}
]