Internet Explorer is no longer supported. Many things will still work, but your experience will be degraded and some things won't function. Please use a modern browser such as Edge, Chrome, or Firefox.

PGV-2387734 - USN-6517-1 -- Perl vulnerabilities

Disclosed on November 27, 2023

Vulnerability Overview

PGV-2387734 is a category 4 vulnerabilty that affects the following packages:

  • libperl5.36, versions < 0:5.36.0-9ubuntu1.1
  • libperl-dev, versions < 0:5.36.0-9ubuntu1.1
  • perl, versions < 0:5.36.0-9ubuntu1.1
  • perl-base, versions < 0:5.36.0-9ubuntu1.1
  • perl-debug, versions < 0:5.36.0-9ubuntu1.1
  • perl-doc, versions < 0:5.36.0-9ubuntu1.1
  • perl-modules-5.36, versions < 0:5.36.0-9ubuntu1.1

Risk Assessment

The risk assessment shows that this vulnerability is exlpoited by a external attacker. An unauthorized external actor who attempts to exploit this vulnerability without legitimate access.

The impact is contained to the application. Exploitation remains confined to the application and cannot affect the host environment or external systems.

The threat damage is caused by a denial of service. Exploitation can completely deny access to the application, resulting in a full outage.is caused by a data breach. Exploitation can result in full access to data within the system.is caused by data tampering. Exploitation can result in modification of any data (authorized or not) within the system.

Vulnerability Details

It was discovered that Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-48522) Nathan Mills discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-47038) Update Instructions: Run sudo pro fix USN-6517-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.36.0-9ubuntu1.1 libperl5.36 - 5.36.0-9ubuntu1.1 perl - 5.36.0-9ubuntu1.1 perl-base - 5.36.0-9ubuntu1.1 perl-debug - 5.36.0-9ubuntu1.1 perl-doc - 5.36.0-9ubuntu1.1 perl-modules-5.36 - 5.36.0-9ubuntu1.1 No subscription required

Common Weakness Enumerations

  • CWE-787 - Out-of-bounds Write
Your Risk Profile
Network Exposure
External
Accessable from the public internet
Access Interface
WebBrowser
Primarily web-based applications
Service Outage
Disruptive
Operations would be impacted
Data Breach
Disruptive
Operations would be impacted
Data Tampering
Disruptive
Operations would be impacted
Customize
Additional Identifiers
  • CVE-2022-48522
  • oval:com.ubuntu.mantic:def:65171000000