CVE-2023-47039 – Perl: perl for windows binary hijacking vulnerability
https://notcve.org/view.php?id=CVE-2023-47039
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. • https://access.redhat.com/security/cve/CVE-2023-47039 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://bugzilla.redhat.com/show_bug.cgi?id=2249525 https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability https://security.netapp.com/advisory/ntap-20240208-0005 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-47100
https://notcve.org/view.php?id=CVE-2023-47100
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcción de expresión regular \p{...} está mal manejado. La primera versión afectada es la 5.30.0. • https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-31486 – http-tiny: insecure TLS cert default
https://notcve.org/view.php?id=CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server. • http://www.openwall.com/lists/oss-security/2023/04/29/1 http://www.openwall.com/lists/oss-security/2023/05/03/3 http://www.openwall.com/lists/oss-security/2023/05/03/5 http://www.openwall.com/lists/oss-security/2023/05/07/2 https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules https://github.com/chansen/p5-http-tiny/pull/153 https://hackeriet.github.io/cpan-http-tiny-overview https://www.openwall.com/lists/oss-security/2023/0 • CWE-295: Improper Certificate Validation CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2023-31484 – perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
https://notcve.org/view.php?id=CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues. • http://www.openwall.com/lists/oss-security/2023/04/29/1 http://www.openwall.com/lists/oss-security/2023/05/03/3 http://www.openwall.com/lists/oss-security/2023/05/03/5 http://www.openwall.com/lists/oss-security/2023/05/07/2 https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules https://github.com/andk/cpanpm/pull/175 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL https:& • CWE-295: Improper Certificate Validation •
CVE-2021-36770
https://notcve.org/view.php?id=CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. Encode.pm, distribuido en Perl versiones hasta 5.34.0, permite a usuarios locales alcanzar privilegios por medio de una biblioteca Encode::ConfigLocal (en el directorio de trabajo actual) que se adelanta a una carga dinámica de módulos. Una explotación requiere una configuración inusual, y determinadas versiones 2021 de Encode.pm (3.05 hasta 3.11). • https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33 https://metacpan.org/dist/Encode/changes https://news.cpanel.com/unscheduled-tsr-10-august-2021 https://security-tracker.debian.org/tracker • CWE-427: Uncontrolled Search Path Element •