CPANSA-perl-2022-48522: perl vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2023-08-22T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2023-08-22T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.8 | Severity | |
Original language | Language | en | |
Also referred to |
Vulnerability Description
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Vulnerabilities
CVE-2022-48522
Vulnerability DescriptionIn Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Weakness | CWE-787 : Out-of-bounds Write |
---|
Product status
Known affected
Product | Score | ||||||||
---|---|---|---|---|---|---|---|---|---|
perl equal 5.34.0 |
|
Fixed
- perl greater than or equal 5.34.1
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2022-48522 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2023/cpansa-perl-2022-48522.json - https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 external
https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522 external
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522 - https://security.netapp.com/advisory/ntap-20230915-0008/ external
https://security.netapp.com/advisory/ntap-20230915-0008/ - https://ubuntu.com/security/CVE-2022-48522 external
https://ubuntu.com/security/CVE-2022-48522 - CVE-2022-48522 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2022-48522
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Tue Aug 22 00:00:00 2023 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/