Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3597 — Improper Input Validation in Perl

CWE-20 — Improper Input Validation8 documents8 sources

Severity

7.5HIGHNVD

EPSS

9.9%

top 6.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Perl Debian Perl Gisle AAS Digest

Timeline

PublishedJan 13

Latest updateMay 17

Description

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/perl< perl 5.12.4-6 (bookworm)

▶Debianperl/perl< 5.12.4-6+3

▶NVDgisle_aas/digest17 versions+16

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-42c5-x389-m7vp: Eval injection vulnerability in the Digest module before 1↗2022-05-17

▶

OSV

CVE-2011-3597: Eval injection vulnerability in the Digest module before 1↗2012-01-13

▶

💥Exploits & PoCs

Exploit-DB

Perl 5.x - Digest Module 'Digest->new()' Code Injection↗2011-10-02

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2012-11-30

▶

Red Hat

Perl Digest improper control of generation of code↗2011-10-02

▶

Debian

CVE-2011-3597: perl - Eval injection vulnerability in the Digest module before 1.17 for Perl allows co...↗2011

▶

💬Community

Bugzilla

CVE-2011-3597 Perl Digest improper control of generation of code↗2011-10-03

▶