7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.02 Low
EPSS
Percentile
89.0%
John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation (CVE-2016-1238). The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value (CVE-2017-6512). Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837). Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak (CVE-2017-12883). The perl-libintl-perl, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Sys-Syslog, and perl-Unicode-LineBreak packages have been patched and the perl-Module-Load-Conditional and perl-Net-DNS packages have been updated to fix CVE-2016-1238 as well. The perl-File-Path package has also been patched to fix CVE-2017-6512.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | perl | < 5.20.1-8.7 | perl-5.20.1-8.7.mga5 |
Mageia | 5 | noarch | perl-libintl-perl | < 1.230.0-6.1 | perl-libintl-perl-1.230.0-6.1.mga5 |
Mageia | 5 | noarch | perl-mime-charset | < 1.11.1-4.1 | perl-MIME-Charset-1.11.1-4.1.mga5 |
Mageia | 5 | noarch | perl-mime-encwords | < 1.14.2-4.1 | perl-MIME-EncWords-1.14.2-4.1.mga5 |
Mageia | 5 | noarch | perl-module-build | < 0.421.0-5.1 | perl-Module-Build-0.421.0-5.1.mga5 |
Mageia | 5 | noarch | perl-module-load-conditional | < 0.680.0-1 | perl-Module-Load-Conditional-0.680.0-1.mga5 |
Mageia | 5 | noarch | perl-net-dns | < 1.90.0-0 | perl-Net-DNS-1.90.0-0.mga5 |
Mageia | 5 | noarch | perl-sys-syslog | < 0.330.0-7.1 | perl-Sys-Syslog-0.330.0-7.1.mga5 |
Mageia | 5 | noarch | perl-unicode-linebreak | < 2014.60.0-5.1 | perl-Unicode-LineBreak-2014.60.0-5.1.mga5 |
Mageia | 5 | noarch | perl-file-path | < 2.90.0-4.1 | perl-File-Path-2.90.0-4.1.mga5 |
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.02 Low
EPSS
Percentile
89.0%