6.8

CVE-2013-7284

The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Malcolm NooningPirpc SwPlatformperl Version <= 0.2020
Malcolm NooningPirpc Version0.2000 SwPlatformperl
Malcolm NooningPirpc Version0.2001 SwPlatformperl
Malcolm NooningPirpc Version0.2002 SwPlatformperl
Malcolm NooningPirpc Version0.2003 SwPlatformperl
Malcolm NooningPirpc Version0.2010 SwPlatformperl
Malcolm NooningPirpc Version0.2011 SwPlatformperl
Malcolm NooningPirpc Version0.2012 SwPlatformperl
Malcolm NooningPirpc Version0.2013 SwPlatformperl
Malcolm NooningPirpc Version0.2014 SwPlatformperl
Malcolm NooningPirpc Version0.2016 SwPlatformperl
Malcolm NooningPirpc Version0.2017 SwPlatformperl
Malcolm NooningPirpc Version0.2018 SwPlatformperl
Malcolm NooningPirpc Version0.2019 SwPlatformperl
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.82% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://seclists.org/oss-sec/2014/q1/56
http://seclists.org/oss-sec/2014/q1/62
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789
https://bugzilla.redhat.com/show_bug.cgi?id=1030572
https://bugzilla.redhat.com/show_bug.cgi?id=1051108
https://rt.cpan.org/Public/Bug/Display.html?id=90474
Patch