CPANSA-perl-2022-48522: perl vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2023-08-22T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2023-08-22T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	9.8	Severity
Original language		Language	en
Also referred to

Vulnerability Description

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

Vulnerabilities

CVE-2022-48522

Vulnerability Description

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

Weakness	CWE-787 : Out-of-bounds Write

Product status

Known affected

Product

Score

perl equal 5.34.0

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8	Critical

Fixed

perl greater than or equal 5.34.1

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-perl-2022-48522 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2023/cpansa-perl-2022-48522.json
https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 external
https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522 external
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522
https://security.netapp.com/advisory/ntap-20230915-0008/ external
https://security.netapp.com/advisory/ntap-20230915-0008/
https://ubuntu.com/security/CVE-2022-48522 external
https://ubuntu.com/security/CVE-2022-48522
CVE-2022-48522 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2022-48522

Revision history

Version	Date of the revision	Summary of the revision
1	Tue Aug 22 00:00:00 2023	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/