CVE-2011-3597
published 2012-01-13

CVE-2011-3597: Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

Priority: P262, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 13.53% (96.0th percentile)

Affected

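22 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perl | < perl 5.12.4-6 (bookworm) | perl 5.12.4-6 (bookworm) |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| gisle_aas | digest | | |
| perl | perl | >= 0 < 5.12.4-6 | 5.12.4-6 |
| perl | perl | >= 0 < 5.12.4-6 | 5.12.4-6 |
| perl | perl | >= 0 < 5.12.4-6 | 5.12.4-6 |
| perl | perl | >= 0 < 5.12.4-6 | 5.12.4-6 |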

Detection & IOCs

command: `Digest->new("::MD5lprint 'ownaide\n';exit(1);")`
  • Monitor for eval() calls in Perl processes where the argument to the Digest->new() constructor contains characters indicative of code injection (e.g., semicolons, print statements, exit calls, or arbitrary Perl expressions) rather than a plain algorithm name string.
  • Flag use of Digest module versions prior to 1.17 in Perl environments; the vulnerable code path is the 'new' constructor performing an unsanitized eval of the algorithm name (e.g., `eval "require $class"`).
  • Investigate deserialization paths using Data::Serializer that invoke Digest->new() with attacker-controlled algorithm names, as this is a known exploitation vector for this CVE.
  • Exploitation requires the attacker to control the algorithm name argument passed to Digest->new(); this is considered a high-complexity precondition, reducing practical exploitability.
  • Red Hat Directory Server 8 (perl package) was marked 'Will not fix', meaning patched versions may not be available for all affected platforms.
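
An application-side guard for the condition these notes describe, as an added example that is not code from the Digest module or from any advisory: it checks the installed Digest version against 1.17 and refuses any algorithm name that is not a plain, allowlisted identifier before Digest->new() is called. The names safe_digest_new and digest_is_patched, the allowlist and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest;

# Assumed application allowlist of digest names; adjust to what you actually use.
my %ALLOWED = map { $_ => 1 } qw(MD5 SHA-1 SHA-256 SHA-512);

# True when the installed Digest is 1.17 or later (the fixed release per the CVE text).
sub digest_is_patched {
    return eval { Digest->VERSION('1.17'); 1 } ? 1 : 0;
}

# Hypothetical wrapper: validate the algorithm name before Digest->new() sees it.
sub safe_digest_new {
    my ($algorithm, @args) = @_;
    die "digest algorithm must be a plain string\n"
        if !defined $algorithm || ref $algorithm;
    # \A and \z anchor the whole string; only letters, digits and single hyphens pass.
    die "digest algorithm has unexpected characters\n"
        unless $algorithm =~ /\A[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*\z/;
    die "digest algorithm '$algorithm' is not on the allowlist\n"
        unless $ALLOWED{$algorithm};
    return Digest->new($algorithm, @args);
}

warn "Digest ", Digest->VERSION, " predates 1.17; upgrade the module\n"
    unless digest_is_patched();

# Constructed sample inputs: one legitimate name and three that must be refused.
for my $name ('SHA-256', 'MD5;exit', '::MD5', "SHA-1\n") {
    (my $shown = $name) =~ s/\n/\\n/g;
    my $ctx = eval { safe_digest_new($name) };
    if ($ctx) {
        printf "%-10s accepted: %s\n", $shown, $ctx->add('abc')->hexdigest;
    } else {
        (my $why = $@) =~ s/\n\z//;
        printf "%-10s rejected: %s\n", $shown, $why;
    }
}
```

The guard matters most where the name arrives from outside the program, such as the Data::Serializer path noted above, and it stays useful on platforms where a patched Digest is not available.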

CVSS provenance

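| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 5.1 | MEDIUM | |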