Skip to main content
Skip table of contents

ISN 2023-34: Perl Vulnerabilities

First published 19 December 2023

CVSS 3.1: 8.4 (High)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been discovered in the Perl scripting language used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 11

Details

Perl is vulnerable to a stack-based crash that can lead to remote code execution or local privilege escalation (CVE-2022-48522). This is rated as high. Additionally, when a regular expression is compiled by Perl, an attacker could craft an expression that leads to a controlled overflow in a heap allocated buffer (CVE-2023-47038, high).

Update Instructions

  • OS 11: Update to IGEL OS 11.09.160 when available.

References


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.