CVE-2011-3597

Perl <1.17 - Command Injection

Title source: llm
STIX 2.1

Description

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

Exploits (1)

exploitdb WORKING POC VERIFIED
by anonymous · textremotelinux
https://www.exploit-db.com/exploits/36199

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1797.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1643-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1424.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46279
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51457
Various Sources x_refsource_confirm
http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49911

Scores

EPSS 0.0961
EPSS Percentile 93.0%

Details

CWE
CWE-20
Status published
Products (17)
gisle_aas/digest 1.00
gisle_aas/digest 1.01
gisle_aas/digest 1.02
gisle_aas/digest 1.03
gisle_aas/digest 1.04
gisle_aas/digest 1.05
gisle_aas/digest 1.06
gisle_aas/digest 1.07
gisle_aas/digest 1.08
gisle_aas/digest 1.09
... and 7 more
Published Jan 13, 2012
Tracked Since Feb 18, 2026