CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47039 – Perl: perl for windows binary hijacking vulnerability
https://notcve.org/view.php?id=CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. • https://access.redhat.com/security/cve/CVE-2023-47039 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://bugzilla.redhat.com/show_bug.cgi?id=2249525 https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability https://security.netapp.com/advisory/ntap-20240208-0005 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47100
https://notcve.org/view.php?id=CVE-2023-47100
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcción de expresión regular \p{...} está mal manejado. La primera versión afectada es la 5.30.0. • https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-47038 – Perl: write past buffer end via illegal user-defined unicode property
https://notcve.org/view.php?id=CVE-2023-47038
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. Se encontró una vulnerabilidad en Perl. Este problema ocurre cuando Perl compila una expresión regular manipulada, lo que puede permitir que un atacante controle el desbordamiento de búfer de bytes en un búfer asignado en el almacenamiento dinámico. • https://access.redhat.com/errata/RHSA-2024:2228 https://access.redhat.com/errata/RHSA-2024:3128 https://access.redhat.com/security/cve/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48522
https://notcve.org/view.php?id=CVE-2022-48522
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. En Perl 5.34.0, la función S_find_uninit_var en sv.c tiene un bloqueo basado en pila que puede conducir a la ejecución remota de código o a la escalada de privilegios locales. • https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 https://security.netapp.com/advisory/ntap-20230915-0008 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31486 – http-tiny: insecure TLS cert default
https://notcve.org/view.php?id=CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server. • http://www.openwall.com/lists/oss-security/2023/04/29/1 http://www.openwall.com/lists/oss-security/2023/05/03/3 http://www.openwall.com/lists/oss-security/2023/05/03/5 http://www.openwall.com/lists/oss-security/2023/05/07/2 https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules https://github.com/chansen/p5-http-tiny/pull/153 https://hackeriet.github.io/cpan-http-tiny-overview https://www.openwall.com/lists/oss-security/2023/0 • CWE-295: Improper Certificate Validation CWE-1188: Initialization of a Resource with an Insecure Default •