exploitDog

CVE-2022-48522

Published: 22 Aug 2023
Source: redhat
CVSS3: 5.5
EPSS: Medium

Description

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

A stack-based buffer overflow vulnerability was found in the S_find_uninit_var() function in sv.c in Perl. This issue may allow an authenticated local attacker to send a specially crafted request to the application, leading to an infinite recursion, exhausting the process' stack space, resulting in a denial of service.

Report

The vulnerable code was introduced in Perl v5.33.1. Red Hat Enterprise Linux ships Perl v5.32.1 and lower. Our code base does not contain the vulnerable code; therefore, RHEL is not affected.

When attempting to access a hash entry with an undefined variable as the key, an infinite recursion occurs, depleting the stack space and leading to a stack overflow. This behavior is specific to cases where '-w' ("use warnings;") is enabled.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | perl | Not affected | | |
| Red Hat Enterprise Linux 7 | perl | Not affected | | |
| Red Hat Enterprise Linux 8 | perl | Not affected | | |
| Red Hat Enterprise Linux 8 | perl:5.30/perl | Not affected | | |
| Red Hat Enterprise Linux 8 | perl:5.32/perl | Not affected | | |
| Red Hat Enterprise Linux 9 | perl | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-121->CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2234416 perl: stack-based crash in S_find_uninit_var()

EPSS

Percentile: 95%
0.17318
Medium

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 2 years ago

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

CVSS3: 9.8
nvd
more than 2 years ago

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

CVSS3: 9.8
debian
more than 2 years ago

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...

CVSS3: 9.8
github
more than 2 years ago

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

CVSS3: 9.8
fstec
more than 2 years ago

Vulnerability in the S_find_uninit_var function (sv.c) of the Perl interpreter that allows an attacker to execute arbitrary code
