CVE-2011-3597

Digest < 1.17 - Eval Injection via new Constructor

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3597. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Perl Digest module (versions prior to 1.17) to inject and execute arbitrary Perl code. The PoC demonstrates a simple command injection via the `Digest->new` method.

Description

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

Exploits (1)

exploitdb WORKING POC VERIFIED
by anonymous · textremotelinux
https://www.exploit-db.com/exploits/36199

This exploit leverages a vulnerability in the Perl Digest module (versions prior to 1.17) to inject and execute arbitrary Perl code. The PoC demonstrates a simple command injection via the `Digest->new` method.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Perl Digest module < 1.17
No auth needed
Prerequisites: Perl environment with vulnerable Digest module installed
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1797.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1643-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1424.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46279
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51457
Various Sources x_refsource_confirm
http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49911

Scores

EPSS 0.1353
EPSS Percentile 96.0%

Details

CWE
CWE-20
Status published
Products (17)
gisle_aas/digest 1.00
gisle_aas/digest 1.01
gisle_aas/digest 1.02
gisle_aas/digest 1.03
gisle_aas/digest 1.04
gisle_aas/digest 1.05
gisle_aas/digest 1.06
gisle_aas/digest 1.07
gisle_aas/digest 1.08
gisle_aas/digest 1.09
... and 7 more
Published Jan 13, 2012
Tracked Since Feb 18, 2026