SB2023112761 - Multiple vulnerabilities in Perl

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Off-by-one (CVE-ID: CVE-2023-47038)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error when processing regular expressions. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Untrusted search path (CVE-ID: CVE-2023-47039)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData.

The vulnerability affects Windows installations only.

3) Stack-based buffer overflow (CVE-ID: CVE-2022-48522)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the S_find_uninit_var() function in sv.c. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-6517-1
• https://ubuntu.com/security/CVE-2023-47038
• https://metacpan.org/release/PEVANS/perl-5.38.1/view/pod/perldelta.pod
• https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345