15 matches found
CVE-2026-49146
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
CVE-2026-49146
CVE-2026-49146 affects App::Ack for Perl prior to 3.10.0. A project .ackrc can set --before-context to an unbounded positive integer, causing ack to allocate a before-context buffer of that size and trigger memory exhaustion. Public descriptions specify the attack path: ack searches upward for a ...
CVE-2026-49146 App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
CVE-2026-49146
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
EUVD-2026-42288
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
CVE-2026-49145
CVE-2026-49145 affects App::Ack for Perl up to version 3.10.0. The flaw arises because ack searches upward for a project .ackrc and loads its options; the project-source blocklist did not include --files-from, allowing a project .ackrc to set --files-from to a path whose listed files ack will rea...
CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
CVE-2026-49145
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
EUVD-2013-6865
Malware in sbrugna...
openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)
update to ack 2.12: fixes potential remote code execution via per-project .ackrc files bnc855340 CVE-2013-7069 - prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files - --pager,...
CVE-2013-7069
ack 2.00 through 2.1102 allows remote attackers to execute arbitrary code via a 1 --pager, 2 --regex, or 3 --output option in a .ackrc file in a directory to be searched...
CVE-2013-7069
ack 2.00 through 2.1102 allows remote attackers to execute arbitrary code via a 1 --pager, 2 --regex, or 3 --output option in a .ackrc file in a directory to be searched...
Design/Logic Flaw
ack 2.00 through 2.1102 allows remote attackers to execute arbitrary code via a 1 --pager, 2 --regex, or 3 --output option in a .ackrc file in a directory to be searched...
UBUNTU-CVE-2013-7069
ack 2.00 through 2.1102 allows remote attackers to execute arbitrary code via a 1 --pager, 2 --regex, or 3 --output option in a .ackrc file in a directory to be searched...
CVE-2013-7069
ack 2.00 through 2.1102 allows remote attackers to execute arbitrary code via a 1 --pager, 2 --regex, or 3 --output option in a .ackrc file in a directory to be searched...