Perl Security Vulnerabilities - 2023

CVE-2022-48522

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

CVSS: 9.8, AI Score: 9.4, EPSS: 0.005

2023-08-22 07:16 PM

CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

CVSS: 8.1, AI Score: 7.9, EPSS: 0.005

2023-04-29 12:15 AM

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

CVSS: 8.1, AI Score: 7.9, EPSS: 0.003

2023-04-29 12:15 AM

CVE-2023-47038

A vulnerability was found in Perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by Perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.

CVSS: 7.8, AI Score: 7.5, EPSS: 0.0004

2023-12-18 02:15 PM

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVSS: 9.8, AI Score: 9.1, EPSS: 0.001

2023-12-02 11:15 PM