CVE-2022-48522: Critical severity perl 5.30.0 vulnerability

Q: What is CVE-2022-48522?

CVE-2022-48522 is a vulnerability in Perl 5.34.0 that allows for a stack-based crash leading to remote code execution or local privilege escalation.

Q: What is the severity of CVE-2022-48522?

CVE-2022-48522 has a severity rating of 9.8 (Critical).

Q: How does CVE-2022-48522 affect Perl?

CVE-2022-48522 affects Perl 5.34.0.

Q: Is there a fix available for CVE-2022-48522?

Yes, a fix is available for CVE-2022-48522. It is recommended to update to a patched version of Perl 5.34.1 or later.

Q: Where can I find more information about CVE-2022-48522?

For more information about CVE-2022-48522, you can refer to the references provided: [Link 1](https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345), [Link 2](https://security.netapp.com/advisory/ntap-20230915-0008/)

Published Aug 22, 2023

Updated

In Perl 5.34.0, function Sfinduninitvar in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

Affected Software

3 affected componentsFixes available

debian/perl

5.28.1-6+deb10u15.32.1-4+deb11u35.32.1-4+deb11u15.36.0-7+deb12u15.38.2-35.38.2-3.2

ubuntu/perl<5.34.0-3ubuntu1.3

5.34.0-3ubuntu1.3

Perl Perl=5.34.0

Remediation

Patch Available

https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6

Event History

Aug 22, 2023

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Jan 12, 2024

Data Sourced

via Launchpad·12:13 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

USN-6517-1

Frequently Asked Questions

What is CVE-2022-48522?

CVE-2022-48522 is a vulnerability in Perl 5.34.0 that allows for a stack-based crash leading to remote code execution or local privilege escalation.

What is the severity of CVE-2022-48522?

CVE-2022-48522 has a severity rating of 9.8 (Critical).

How does CVE-2022-48522 affect Perl?