Lucene search
FreeBSDCB22A9A6-C907-11EE-8D1C-40B034429ECFHistoryDec 29, 2023 - 12:00 a.m.
p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability
2023-12-2900:00:00
vuxml.freebsd.org
8
spreadsheet::parseexcel
perl module
arbitrary code execution
vulnerability
number format strings
excel parsing logic
unvalidated input
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8
Confidence
Low
EPSS
0.06
Percentile
93.6%
Spreadsheet-ParseExcel reports:
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files.
Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability
due to passing unvalidated input from a file into a string-type eval "eval".
Specifically, the issue stems from the evaluation of Number format strings
(not to be confused with printf-style format strings) within the Excel parsing logic.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | p5-spreadsheet-parseexcel | < 0.66 | UNKNOWN |
References
Related
nessus
nessus
debian
debian
[SECURITY] [DLA 3702-1] libspreadsheet-parseexcel-perl security update
2023-12-31 01:09:30
[SECURITY] [DSA 5592-1] libspreadsheet-parseexcel-perl security update
2023-12-30 16:14:19
osv
osv
libspreadsheet-parseexcel-perl - security update
2023-12-31 00:00:00
libspreadsheet-parseexcel-perl vulnerability
2024-05-21 13:21:26
perl-Spreadsheet-ParseExcel-0.660.0-1.1 on GA media
2024-06-15 00:00:00
cisa_kev
cisa_kev
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
2024-01-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0158-1)
2024-01-19 00:00:00
Debian: Security Advisory (DSA-5592-1)
2024-01-12 00:00:00
Fedora: Security Advisory (FEDORA-2023-921f6975c2)
2024-01-18 00:00:00
ubuntu
ubuntu
Spreadsheet::ParseExcel vulnerability
2024-05-21 00:00:00
vulnrichment
vulnrichment
CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability
2023-12-24 21:34:46
cve
cve
CVE-2023-7101
2023-12-24 22:15:07
debiancve
debiancve
CVE-2023-7101
2023-12-24 22:15:07
ubuntucve
ubuntucve
CVE-2023-7101
2023-12-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2024-01-12 20:48:40
cvelist
cvelist
CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability
2023-12-24 21:34:46
alpinelinux
alpinelinux
CVE-2023-7101
2023-12-24 22:15:07
attackerkb
attackerkb
CVE-2023-7101
2023-12-24 00:00:00
CVE-2023-7102
2023-12-24 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: perl-Spreadsheet-ParseExcel-0.6600-1.fc39
2024-01-08 01:24:14
[SECURITY] Fedora 38 Update: perl-Spreadsheet-ParseExcel-0.6600-1.fc38
2024-01-08 01:34:38
amazon
amazon
Important: perl-Spreadsheet-ParseExcel
2024-01-19 01:19:00
prion
prion
Format string
2023-12-24 22:15:00
nvd
nvd
CVE-2023-7101
2023-12-24 22:15:07
thn
thn
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances
2023-12-27 12:35:00
avleonov
avleonov
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8
Confidence
Low
EPSS
0.06
Percentile
93.6%
Related for CB22A9A6-C907-11EE-8D1C-40B034429ECF