CVE-2010-1447Code Injection in Perl

CWE-264CWE-94Code Injection15 documents7 sources
Severity
8.5HIGHNVD
NVD6.0
EPSS
0.5%
top 36.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PerlDebian PerlPostgresql
Timeline
PublishedMay 19
Latest updateMay 17

Description

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages3 packages

debiandebian/perl< perl 5.12.3-1 (bookworm)
Debianperl/perl< 5.12.3-1+3
NVDpostgresql/postgresql117 versions+116

Patches

Patch: www.vupen.comPatch: www.vupen.com

🔴Vulnerability Details

4
GHSA
GHSA-gq7f-mcrw-ghw7: The PL/perl and PL/Tcl implementations in PostgreSQL 72022-05-17
GHSA
GHSA-cjg9-jpjg-2p4r: PostgreSQL 72022-05-02
GHSA
GHSA-f2r8-6hg3-mv9j: The Safe (aka Safe2022-05-02
OSV
CVE-2010-1447: The Safe (aka Safe2010-05-19

📋Vendor Advisories

5
Ubuntu
Perl vulnerabilities2011-05-03
Red Hat
PL/Tcl): SECURITY DEFINER function keyword bypass2010-10-05
Red Hat
perl: Safe restriction bypass when reference to subroutine in compartment is called from outside2010-05-17
Red Hat
PostgreSQL: PL/Perl Intended restriction bypass2010-05-17
Debian
CVE-2010-1447: perl - The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as u...2010

💬Community

3
Bugzilla
CVE-2010-1974 perl: multiple unspecified vulnerabilities in Safe2010-05-19
Bugzilla
CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in compartment is called from outside2010-05-03
Bugzilla
CVE-2010-1168 perl Safe: Intended restriction bypass via object references2010-03-24