Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
References
| Link | Resource |
|---|---|
| https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 | Patch Third Party Advisory |
| https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 | Patch Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/ | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/ | |
| https://metacpan.org/dist/Encode/changes | Third Party Advisory |
| https://news.cpanel.com/unscheduled-tsr-10-august-2021/ | Third Party Advisory |
| https://security-tracker.debian.org/tracker/CVE-2021-36770 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20210909-0003/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-08-11 23:15
Updated : 2023-11-07 03:36
NVD link : CVE-2021-36770
Mitre link : CVE-2021-36770
CVE.ORG link : CVE-2021-36770
JSON object : View
Products Affected
p5-encode_project
- p5-encode
fedoraproject
- fedora
perl
- perl
CWE
CWE-427
Uncontrolled Search Path Element