ISN 2023-34: Perl Vulnerabilities
First published 19 December 2023
CVSS 3.1: 8.4 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Security vulnerabilities have been discovered in the Perl scripting language used in IGEL OS. These affect the following IGEL products:
- IGEL OS 11
Details
Perl is vulnerable to a stack-based crash that can lead to remote code execution or local privilege escalation (CVE-2022-48522). This is rated as high. Additionally, when a regular expression is compiled by Perl, an attacker could craft an expression that leads to a controlled overflow in a heap-allocated buffer (CVE-2023-47038, high).
Update Instructions
- OS 11: Update to IGEL OS 11.09.160 when available.
References
- CVE-2022-48522: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522
- CVE-2023-47038: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038