CVE-2002-1323
Published 2002-12-11
CVE-2002-1323: Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using…
Priority: P49 · medium · 4.6 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.46% (36.7th percentile)
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perl | < perl 5.8.0-14 (bookworm) | perl 5.8.0-14 (bookworm) |
| perl | perl | >= 0 < 5.8.0-14 | 5.8.0-14 |
| perl | perl | >= 0 < 5.8.0-14 | 5.8.0-14 |
| perl | perl | >= 0 < 5.8.0-14 | 5.8.0-14 |
| perl | perl | >= 0 < 5.8.0-14 | 5.8.0-14 |
| redhat | enterprise_linux | — | — |
| redhat | linux_advanced_workstation | — | — |
| safe.pm | safe.pm | — | — |
| safe.pm | safe.pm | — | — |
| sco | open_unix | — | — |
| sco | unixware | — | — |
| sco | unixware | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 MEDIUM
vendor_redhat · 4.6 MEDIUM
Red Hat
security flaw
vendor_redhat·2002-10-04·CVSS 4.6
CVE-2002-1323 [MEDIUM] security flaw
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Debian
CVE-2002-1323: perl - Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attack...
vendor_debian·2002·CVSS 4.6
CVE-2002-1323 [MEDIUM] CVE-2002-1323: perl - Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attack...
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Scope: local
bookworm: resolved (fixed in 5.8.0-14)
bullseye: resolved (fixed in 5.8.0-14)
forky: resolved (fixed in 5.8.0-14)
sid: resolved (fixed in 5.8.0-14)
trixie: resolved (fixed in 5.8.0-14)
GHSA
GHSA-qmvp-2m2m-rm8h: Safe
ghsa_unreviewed·2022-05-03
CVE-2002-1323 [MEDIUM] GHSA-qmvp-2m2m-rm8h: Safe
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
OSV
CVE-2002-1323: Safe
osv·2002-12-11·CVSS 4.6
CVE-2002-1323 [MEDIUM] CVE-2002-1323: Safe
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
No detection rules found.
No public exploits indexed.
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
http://marc.info/?l=bugtraq&m=104005919814869&w=2
http://marc.info/?l=bugtraq&m=104033126305252&w=2
http://marc.info/?l=bugtraq&m=104040175522502&w=2
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
http://www.debian.org/security/2002/dsa-208
http://www.iss.net/security_center/static/10574.php
http://www.osvdb.org/2183
http://www.osvdb.org/3814
http://www.redhat.com/support/errata/RHSA-2003-256.html
http://www.redhat.com/support/errata/RHSA-2003-257.html
http://www.securityfocus.com/bid/6111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160
Published: 2002-12-11