CVE-2022-48522
published 2023-08-22

CVE-2022-48522: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

Priority: P261 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.05% (78.8th percentile)

Affected

7 ranges
Vendor | Product | Version range               | Fixed in
debian | perl    | < perl 5.36.0-4 (bookworm)  | perl 5.36.0-4 (bookworm)
perl   | perl    | -                           | -
perl   | perl    | >= 0 < 5.36.0-4             | 5.36.0-4
perl   | perl    | >= 0 < 5.36.0-4             | 5.36.0-4
perl   | perl    | >= 0 < 5.36.0-4             | 5.36.0-4
perl   | perl    | >= 0 < 5.30.0-9ubuntu0.5    | 5.30.0-9ubuntu0.5
perl   | perl    | >= 0 < 5.34.0-3ubuntu1.3    | 5.34.0-3ubuntu1.3

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered when accessing a hash entry with an undefined variable as the key while warnings are enabled ('-w' / 'use warnings;'), causing infinite recursion and stack exhaustion.
  • The vulnerable code path is in function S_find_uninit_var() within sv.c in Perl. Monitor for stack overflow crashes or abnormal recursion depth originating from this function.
  • Only Perl versions >= 5.33.1 contain the vulnerable code. Triage affected systems by confirming Perl version; RHEL ships v5.32.1 and lower and is not affected.
  • On Ubuntu 22.04 LTS, look for Perl processes exhibiting abnormal resource consumption (CPU/memory exhaustion) consistent with infinite recursion triggered by warning-message handling.
  • Exploitation requires warnings to be enabled ('use warnings;' or '-w' flag). Perl deployments running without warnings are not susceptible to this specific trigger path.
  • The vulnerability only affects Perl 5.34.0 (introduced in v5.33.1). Versions 5.32.x and below do not contain the vulnerable code.
  • Debian fixed this in package version 5.36.0-4 across bookworm, forky, sid, and trixie. Bullseye is also resolved. Verify patched package versions before closing findings.

CVSS provenance

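Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv           | -       | 9.8   | CRITICAL | -
vendor_debian | -       | 9.8   | LOW      | -
vendor_redhat | -       | 9.8   | CRITICAL | -
vendor_ubuntu | -       | 9.8   | CRITICAL | -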