CVE-2022-48522
Published 2023-08-22
CVE-2022-48522: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Priority P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.05% (78.8th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perl | < perl 5.36.0-4 (bookworm) | perl 5.36.0-4 (bookworm) |
| perl | perl | — | — |
| perl | perl | >= 0 < 5.36.0-4 | 5.36.0-4 |
| perl | perl | >= 0 < 5.36.0-4 | 5.36.0-4 |
| perl | perl | >= 0 < 5.36.0-4 | 5.36.0-4 |
| perl | perl | >= 0 < 5.30.0-9ubuntu0.5 | 5.30.0-9ubuntu0.5 |
| perl | perl | >= 0 < 5.34.0-3ubuntu1.3 | 5.34.0-3ubuntu1.3 |
Detection & IOCs
- The vulnerability is triggered when accessing a hash entry with an undefined variable as the key while warnings are enabled ('-w' / 'use warnings;'), causing infinite recursion and stack exhaustion.
- The vulnerable code path is in function S_find_uninit_var() within sv.c in Perl. Monitor for stack overflow crashes or abnormal recursion depth originating from this function.
- Only Perl versions >= 5.33.1 contain the vulnerable code. Triage affected systems by confirming Perl version; RHEL ships v5.32.1 and lower and is not affected.
- On Ubuntu 22.04 LTS, look for Perl processes exhibiting abnormal resource consumption (CPU/memory exhaustion) consistent with infinite recursion triggered by warning-message handling.
- Exploitation requires warnings to be enabled ('use warnings;' or '-w' flag). Perl deployments running without warnings are not susceptible to this specific trigger path.
- The vulnerability only affects Perl 5.34.0 (introduced in v5.33.1). Versions 5.32.x and below do not contain the vulnerable code.
- Debian fixed this in package version 5.36.0-4 across bookworm, forky, sid, and trixie. Bullseye is also resolved. Verify patched package versions before closing findings.
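CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |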
Ubuntu
Perl vulnerabilities
vendor_ubuntu·2023-11-27·CVSS 9.8
CVE-2022-48522 [CRITICAL] Perl vulnerabilities
Title: Perl vulnerabilities
Summary: Several security issues were fixed in Perl.
It was discovered that Perl incorrectly handled printing certain warning
messages. An attacker could possibly use this issue to cause Perl to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-48522)
Nathan Mills discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-47038)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
perl: stack-based crash in S_find_uninit_var()
vendor_redhat·2023-08-22·CVSS 9.8
CVE-2022-48522 [CRITICAL] CWE-121 perl: stack-based crash in S_find_uninit_var()
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
A stack-based buffer overflow vulnerability was found in the S_find_uninit_var() function in sv.c in Perl. This issue may allow an authenticated local attacker to send a specially crafted request to the application, leading to an infinite recursion, exhausting the process' stack space, resulting in a denial of service.
Statement: The vulnerable code was introduced in Perl v5.33.1. Red Hat Enterprise Linux ships Perl v5.32.1 and lower. Our code-base does not contain the vulnerable code, therefore, RHEL is not affected.
When attempting to access a hash entry with an undefined variable as the key, an
Debian
CVE-2022-48522: perl - In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that ...
vendor_debian·2022·CVSS 9.8
CVE-2022-48522 [CRITICAL] CVE-2022-48522: perl - In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that ...
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Scope: local
bookworm: resolved (fixed in 5.36.0-4)
bullseye: resolved
forky: resolved (fixed in 5.36.0-4)
sid: resolved (fixed in 5.36.0-4)
trixie: resolved (fixed in 5.36.0-4)
OSV
perl vulnerabilities
osv·2023-11-27·CVSS 9.8
CVE-2022-48522 [CRITICAL] perl vulnerabilities
It was discovered that Perl incorrectly handled printing certain warning
messages. An attacker could possibly use this issue to cause Perl to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-48522)
Nathan Mills discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-47038)
GHSA
GHSA-96cv-gp7m-9r39: In Perl 5
ghsa_unreviewed·2023-08-22
CVE-2022-48522 [CRITICAL] CWE-787 GHSA-96cv-gp7m-9r39: In Perl 5
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
OSV
CVE-2022-48522: In Perl 5
osv·2023-08-22·CVSS 9.8
CVE-2022-48522 [CRITICAL] CVE-2022-48522: In Perl 5
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345
https://security.netapp.com/advisory/ntap-20230915-0008/
Published: 2023-08-22