Msrc Cbl2 Perl 5.34.1-490 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_perl_5.34.1-490_on_cbl_mariner_2.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3

Vulnerabilities

Page 1 of 1
CVE-2024-56406HIGHCVSS 8.62025-04-08
CVE-2024-56406 [HIGH] CWE-122 Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur
msrc
CVE-2023-47100CRITICALCVSS 9.82023-12-12
CVE-2023-47100 [HIGH] CWE-755 In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest aff In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. FAQ: Is Azure Linux the only Microsoft prod
msrc
CVE-2023-31486HIGHCVSS 8.12023-04-11
CVE-2023-31486 [HIGH] CWE-295 HTTP::Tiny before 0.083 a Perl core module since 5.13.9 and available standalone on CPAN has an insecure default TLS configuration where users must opt in to verify certificates. HTTP::Tiny before 0.083 a Perl core module since 5.13.9 and available standalone on CPAN has an insecure default TLS configuration where users must opt in to verify certificates. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentia
msrc
CVE-2023-31484HIGHCVSS 8.12023-04-11
CVE-2023-31484 [HIGH] CWE-295 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th
msrc