CVE-2017-0373

EPSS 0.49%
Veröffentlicht 23.05.2017 18:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security@debian.org
CVE-Watchlists
Login
Unerledigt
Login

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Config-model Project ≫ Config-model Version <= 2.101

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.626

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes

Release Notes

https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773

Patch

https://security-tracker.debian.org/tracker/CVE-2017-0373

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-0373

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-0373

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-0373

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-0373