CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47039 – Perl: perl for windows binary hijacking vulnerability
https://notcve.org/view.php?id=CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. • https://access.redhat.com/security/cve/CVE-2023-47039 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://bugzilla.redhat.com/show_bug.cgi?id=2249525 https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability https://security.netapp.com/advisory/ntap-20240208-0005 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31484 – perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
https://notcve.org/view.php?id=CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues. • http://www.openwall.com/lists/oss-security/2023/04/29/1 http://www.openwall.com/lists/oss-security/2023/05/03/3 http://www.openwall.com/lists/oss-security/2023/05/03/5 http://www.openwall.com/lists/oss-security/2023/05/07/2 https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules https://github.com/andk/cpanpm/pull/175 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL https:& • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31486 – http-tiny: insecure TLS cert default
https://notcve.org/view.php?id=CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server. • http://www.openwall.com/lists/oss-security/2023/04/29/1 http://www.openwall.com/lists/oss-security/2023/05/03/3 http://www.openwall.com/lists/oss-security/2023/05/03/5 http://www.openwall.com/lists/oss-security/2023/05/07/2 https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules https://github.com/chansen/p5-http-tiny/pull/153 https://hackeriet.github.io/cpan-http-tiny-overview https://www.openwall.com/lists/oss-security/2023/0 • CWE-295: Improper Certificate Validation CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-36770
https://notcve.org/view.php?id=CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. Encode.pm, distribuido en Perl versiones hasta 5.34.0, permite a usuarios locales alcanzar privilegios por medio de una biblioteca Encode::ConfigLocal (en el directorio de trabajo actual) que se adelanta a una carga dinámica de módulos. Una explotación requiere una configuración inusual, y determinadas versiones 2021 de Encode.pm (3.05 hasta 3.11). • https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33 https://metacpan.org/dist/Encode/changes https://news.cpanel.com/unscheduled-tsr-10-august-2021 https://security-tracker.debian.org/tracker • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-12723 – perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS
https://notcve.org/view.php?id=CVE-2020-12723
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del búfer por medio de una expresión regular diseñada debido a llamadas recursivas de la función S_study_chunk • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 https://github.com/Perl/perl5/issues/16947 https://github.com/Perl/perl5/issues/17743 https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE https://security.g • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-185: Incorrect Regular Expression •