Perl: Security Vulnerabilities
CPAN 2.28 allows Signature Verification Bypass.
CVSS Score
7.8
EPSS Score
0.008
Published
2021-12-13
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-08-11
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
CVSS Score
4.7
EPSS Score
0.005
Published
2020-09-17
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-09-16
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
CVSS Score
7.1
EPSS Score
0.006
Published
2020-09-16
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
CVSS Score
5.5
EPSS Score
0.006
Published
2020-09-16
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
CVSS Score
5.3
EPSS Score
0.027
Published
2020-09-11
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
CVSS Score
5.3
EPSS Score
0.027
Published
2020-09-11
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-09-11
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVSS Score
7.5
EPSS Score
0.06
Published
2020-06-05