CVE-2021-36770 — Uncontrolled Search Path Element in Project P5-encode

CWE-427 — Uncontrolled Search Path Element CWE-426 — Untrusted Search Path9 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 70.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl P5-encode Project P5-encode Fedoraproject Fedora

Timeline

PublishedAug 11

Latest updateApr 15

Description

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDp5-encode_project/p5-encode3.05 — 3.12

▶Debianperl/perl< 5.32.1-4+deb11u1+3

Also affects: Fedora 33, 34

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3gfh-9hwx-r3vr: Encode↗2022-05-24

▶

OSV

CVE-2021-36770: Encode↗2021-08-11

▶

CVEList

CVE-2021-36770: Encode↗2021-08-11

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Provisioning (Perl) — CVE-2021-36770↗2024-04-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party Patch (Perl) — CVE-2021-36770↗2023-01-15

▶

Red Hat

perl-Encode: bug in local configuration loading allows arbitrary Perl code execution placed under the current working directory↗2021-08-09

▶

Ubuntu

Perl vulnerability↗2021-08-09

▶

Debian

CVE-2021-36770: libencode-perl - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain pri...↗2021

▶