CVE-2010-1168 — Perl vulnerability

CWE-26413 documents7 sources

Severity

7.5HIGHNVD

NVD6.0

EPSS

4.5%

top 10.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl Postgresql +1 more

Timeline

PublishedJun 21

Latest updateMay 17

Description

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDrafael_garcia-suarez/safe15 versions+14

▶debiandebian/perl< perl 5.10.1-13 (bookworm)

▶Debianperl/perl< 5.10.1-13+3

▶NVDpostgresql/postgresql114 versions+113

🔴Vulnerability Details

GHSA

GHSA-gq7f-mcrw-ghw7: The PL/perl and PL/Tcl implementations in PostgreSQL 7↗2022-05-17

▶

GHSA

GHSA-wvgg-c5pp-f6w9: The Safe (aka Safe↗2022-05-02

▶

OSV

CVE-2010-1168: The Safe (aka Safe↗2010-06-21

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2011-05-03

▶

Red Hat

PL/Tcl): SECURITY DEFINER function keyword bypass↗2010-10-05

▶

Red Hat

Safe: Intended restriction bypass via object references↗2010-05-20

▶

Red Hat

perl: multiple unspecified vulnerabilities in Safe↗2010-05-08

▶

Debian

CVE-2010-1168: perl - The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent atta...↗2010

▶

💬Community

Bugzilla

CVE-2010-1974 perl: multiple unspecified vulnerabilities in Safe↗2010-05-19

▶

Bugzilla

CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in compartment is called from outside↗2010-05-03

▶

Bugzilla

CVE-2010-1168 perl Safe: Intended restriction bypass via object references↗2010-03-24

▶