CVE-2011-3597
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
13/01/2012
Last modified:
11/04/2025
Description
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gisle_aas:digest:1.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.03:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.06:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.07:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.08:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.09:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gisle_aas:digest:1.14:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
- http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://secunia.com/advisories/46279
- http://secunia.com/advisories/51457
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A008
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A009
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://www.securityfocus.com/bid/49911
- http://www.ubuntu.com/usn/USN-1643-1
- https://bugzilla.redhat.com/show_bug.cgi?id=743010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
- http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
- http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://secunia.com/advisories/46279
- http://secunia.com/advisories/51457
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A008
- http://www.mandriva.com/security/advisories?name=MDVSA-2012%3A009
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://www.securityfocus.com/bid/49911
- http://www.ubuntu.com/usn/USN-1643-1
- https://bugzilla.redhat.com/show_bug.cgi?id=743010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446