{"id":"CVE-2020-12723","details":"regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.","modified":"2026-04-16T04:35:46.308856408Z","published":"2020-06-05T15:15:10.800Z","related":["SUSE-SU-2020:1662-1","SUSE-SU-2020:1682-1","SUSE-SU-2020:1682-2","openSUSE-SU-2020:0850-1","openSUSE-SU-2024:11158-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"},{"type":"ADVISORY","url":"https://github.com/Perl/perl5/issues/17743"},{"type":"ADVISORY","url":"https://github.com/Perl/perl5/issues/16947"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"},{"type":"ADVISORY","url":"https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202006-03"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200611-0001/"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"FIX","url":"https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"},{"type":"FIX","url":"https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Perl/perl5","events":[{"introduced":"0"},{"fixed":"65ddc30325817c6cd4df6ca1d4a1af2383875c3f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.30.3"}]}},{"type":"GIT","repo":"https://github.com/perl/perl5","events":[{"introduced":"0"},{"fixed":"66bbb51b93253a3f87d11c2695cfb7bdb782184a"}]}],"versions":["GitLive-blead","if-0.0603","if-0.0604","if-0.0605","perl-1.0","perl-2.0","perl-3.000","perl-3.044","perl-4.0.00","perl-4.0.36","perl-5.000","perl-5.000o","perl-5.001","perl-5.001n","perl-5.002","perl-5.002_01","perl-5.003","perl-5.005","perl-5.6.0","perl-5.7.0","perl-5.7.1","perl-5.7.2","perl-5.7.3","perl-5.8.0","perl-5.9.0","perl-5.9.1","perl-5.9.2","perl-5.9.3","perl-5.9.4","perl-5.9.5","perl-5a2","perl-5a9","v5.10.0","v5.11.0","v5.11.1","v5.11.3","v5.11.4","v5.11.5","v5.12.0","v5.12.0-RC0","v5.12.0-RC1","v5.12.0-RC2","v5.12.0-RC3","v5.12.0-RC4","v5.12.0-RC5","v5.13.0","v5.13.1","v5.13.10","v5.13.11","v5.13.2","v5.13.3","v5.13.4","v5.13.5","v5.13.6","v5.13.7","v5.13.8","v5.13.9","v5.14.0","v5.14.0-RC1","v5.14.0-RC2","v5.14.0-RC3","v5.15.0","v5.15.1","v5.15.2","v5.15.3","v5.15.4","v5.15.5","v5.15.9","v5.16.0","v5.16.0-RC1","v5.16.0-RC2","v5.17.0","v5.17.2","v5.17.4","v5.17.6","v5.17.7","v5.17.7.0","v5.17.8","v5.17.9","v5.18.0","v5.18.0-RC1","v5.18.0-RC2","v5.18.0-RC3","v5.18.0-RC4","v5.19.0","v5.19.1","v5.19.11","v5.19.2","v5.19.3","v5.19.5","v5.19.7","v5.20.0","v5.20.0-RC1","v5.21.0","v5.21.1","v5.21.10","v5.21.11","v5.21.4","v5.21.5","v5.21.6","v5.21.8","v5.21.9","v5.22.0","v5.22.0-RC1","v5.22.0-RC2","v5.23.0","v5.23.1","v5.23.2","v5.23.3","v5.23.4","v5.23.6","v5.23.7","v5.24.0","v5.24.0-RC1","v5.24.0-RC2","v5.24.0-RC3","v5.24.0-RC4","v5.24.0-RC5","v5.25.0","v5.25.11","v5.25.2","v5.25.3","v5.25.4","v5.25.5","v5.25.7","v5.25.9","v5.26.0","v5.26.0-RC2","v5.27.0","v5.27.10","v5.27.11","v5.27.3","v5.27.5","v5.27.6","v5.27.7","v5.27.8","v5.28.0","v5.28.0-RC1","v5.28.0-RC2","v5.28.0-RC3","v5.28.0-RC4","v5.29.0","v5.29.1","v5.29.10","v5.29.5","v5.29.6","v5.29.7","v5.29.8","v5.29.9","v5.30.0","v5.30.0-RC1","v5.30.0-RC2","v5.30.1","v5.30.1-RC1","v5.30.2","v5.30.2-RC1","v5.30.3-RC1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","id":"CVE-2020-12723-30fdf23e","digest":{"line_hashes":["203480624669949452854064380324064641591","197404397339883460452743489996306892765","227772099697521455351235460290785570795","177464039865382705883514646952994090327"],"threshold":0.9},"source":"https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","target":{"file":"proto.h"},"signature_version":"v1","deprecated":false},{"signature_type":"Line","id":"CVE-2020-12723-4b7db348","digest":{"line_hashes":["86729002274194721848295635510880594673","50338106150766386916599814345799701985","79086742097433530777949159829903515548","91919910145126839322313728857788943518","113693051183944561849282898407116671172","934398555495277675317035884492299006","75132135954387788385464350551128607280","30788115625349314642282322227995092237","37177730400415107919001170160678036879","207913391674347557584764168464625754808","46364228169500989316297610556360733760","154276959630919186592528772802098970984","117163812498306981020705188917771520990","165720659799077351773800640139057944922","331178633800588774310391246561179951801","98646472573438194114891485827855305396","192982412348401547594700223971309658122","198254502299943946610477510469737855101","298657138609563696969034890489016687697","179671298669703609739948483522344575832","333306211031181835453802255852000644770","233729502324607438051166348801711581766","324756619149788560515288451381919982060","183172319025718846096452997976693660934","46271910492363322828959267465135719799","83886644861468909172979557401965789234","291211845043901155658280668352937535059","213740162296516068153928711186384571106","34266944095099788419817366331526624954","195450222414945165352582161245228199724","207001824296767524241988280926020597546","153489133722453405819475261158067996042","54837616060613758376136845274284775298","54148718801486750880052567108936229867","284285293279325384195785837185722676745","261627833436765289522498615584691087062","246217586122231701907564418584610735718","19242220974402008463580169966673288371","17891263171430185797478689338139604629","297858101622730264065343280948971102439","234164378711633949668573487295420018576","119800192812210550590552440643767006114","312874892323332768049653867220428131645","84827332098268082872893828697807143390","175990339839249553815383147686822884470","165556188077582076164433294546445218399","12186019503836784423310297211620184527","293473411344968163392604065260715322397","35578501514073061669944238776026877854","35894245716789059582141513483159214305","42086450731299831071296552478331314230","91820459734412285907834909471502942349","332550115663557354488397720969983911714","76307552322502836607877870849744231241","261736692416481568696056645535802005173","336933824459464709755500382227721156118","229576656033728593086978876346898342351","41168181207247070526083173381431038283","209942156803575846738468066410740953746","12222370678433929171880989006207472333","158041142823723754061580368534459738325","78382737532969913460405507365032130724","203330177952758804962490320438983279091","40748726925851656825659118898563617930","12309099189148368286135973956895997778","308455174348525779185568021129308204769","321818764745084766665887293643191806910","193454601511389872285572540105476368238","269312777506174676093900473050553536501","189704654022322496291017372874349031467","80304965389711097290487695020239998567","265751232484407818857289427501157621149","74751184175713824569382804195260769709","330543368975449986964714985596161037341","301961183554164231537886415263063447085","258373406107416406722995674739410359147","51061519652560804099086890259407184591","105505834546407291167822446875259493297"],"threshold":0.9},"source":"https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","deprecated":false,"signature_version":"v1","target":{"file":"regcomp.c"}},{"signature_type":"Function","id":"CVE-2020-12723-a02e9079","digest":{"function_hash":"16114805953285418720506228000153113859","length":38840},"source":"https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a","deprecated":false,"signature_version":"v1","target":{"function":"S_study_chunk","file":"regcomp.c"}}],"vanir_signatures_modified":"2026-04-11T15:27:51Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12723.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]},{"events":[{"introduced":"8.0.0"},{"last_affected":"8.5.0"}]},{"events":[{"introduced":"16.1.0"},{"last_affected":"16.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.1"}]},{"events":[{"introduced":"0"},{"last_affected":"10.2"}]},{"events":[{"introduced":"13.1"},{"last_affected":"13.4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]},{"events":[{"introduced":"10.3.0.0.0"},{"last_affected":"10.3.0.2.1"}]},{"events":[{"introduced":"10.4.0.1.0"},{"last_affected":"10.4.0.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.2.0.8"}]},{"events":[{"introduced":"0"},{"last_affected":"13.4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.1"}]},{"events":[{"introduced":"7.4.0"},{"last_affected":"7.7.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}