CVE-2022-48522 — Out-of-bounds Write in Perl

Severity

9.8CRITICALNVD

EPSS

17.3%

top 4.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 22

Latest updateNov 27

Description

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶debiandebian/perl< perl 5.36.0-4 (bookworm)

▶Debianperl/perl< 5.36.0-4+2

▶Ubuntuperl/perl< 5.30.0-9ubuntu0.5+1

▶NVDperl/perl5.34.0

OSV

perl vulnerabilities↗2023-11-27

▶

GHSA

GHSA-96cv-gp7m-9r39: In Perl 5↗2023-08-22

▶

OSV

CVE-2022-48522: In Perl 5↗2023-08-22

▶

Ubuntu

Perl vulnerabilities↗2023-11-27

▶

Red Hat

perl: stack-based crash in S_find_uninit_var()↗2023-08-22

▶

Debian

CVE-2022-48522: perl - In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that ...↗2022

▶