PT-2012-1726 · Perl+1 · Digest+1

Vincent Danen

Published

2011-11-03

Updated

2017-09-19

CVE-2011-3597

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Digest module versions prior to 1.17

Description The issue allows context-dependent attackers to execute arbitrary commands via the new constructor. This is related to an eval injection vulnerability in the Digest module for Perl.

Recommendations For versions prior to 1.17, update to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting the use of the new constructor in the Digest module until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-3597

RHSA-2011:1424

RHSA-2011:1797

RHSA-2011_1424

RHSA-2011_1797

Affected Products

Digest

Red Hat

PT-2012-1726 · Perl+1 · Digest+1

CVE-2011-3597

Weakness Enumeration

Related Identifiers

Affected Products

References · 28