CVE-2023-31484: Input Validation
Published Apr 28, 2023
·Updated
Accounts. A logic issue was addressed with improved file handling.
Other sources
APFS. This issue was addressed through improved state management.
— Apple
Apple Account. The issue was addressed with improved handling of protocols.
— Apple
Apple Software Restore. The issue was addressed with improved checks.
— Apple
AppleGraphicsControl. The issue was addressed with improved memory handling.
— Apple
AppleMobileFileIntegrity. The issue was addressed with improved checks.
— Apple
Credit
Mickey Jin@@patch1t(Kandji), Csaba Fitzl@@theevilbit(Kandji), D4m0n, Mickey Jin@@patch1t, Arsenii Kostromin (0x3c3e), CertiK SkyFall Team, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Dillon Franke(Google Project Zero), Smi1e@@Smi1eSEC, an anonymous researcher, Michael Cohen, D’Angelo Gonzalez(CrowdStrike), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Kirin@@Pwnrin, 7feilee, Gary Kwong, Anonymous(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), Ye Zhang@@VAR10CK(Baidu Security), Joseph Ravichandran@@0xjprx(MIT CSAIL), sohybbyk, Hyerean Jang, Taehun Kim, Youngjoo Shin, CVE-2024-45490, 风沐云烟@@binary_fmyy, Meng Zhang (鲸落)(NorthSea), Andrew James Gonzalez, Dragon Fruit Security (Davis Dai, ORAC 落云, Frank Du cooperative discovery), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), 神罚@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, Abhay Kailasia@@abhay_kailasia(C), Rakeshkumar Talaviya, Tomomasa Hiraiwa, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), CVE-2016-1246, CVE-2023-31484, CVE-2023-31486, CVE-2023-47100, Jacob Braun, Rei@@reizydev, Kenneth Chew, Zhongquan Li@@Guluisacat, Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), Yokesh Muthu K, Csaba Fitzl@@theevilbit(OffSec), Mickey Jin@@patch1t(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, Rodolphe BRUNETTI@@eisw0lf, CVE-2024-45306, Seunghyun Lee, Brendon Tiszka(Google Project Zero), linjy(HKUS3Lab), chluo(WHUSecLab), Xiangwei Zhang(Tencent Security YUNDING LAB), Tashita Software Security, Lukas Bernhard, Halle Winkler, Politepix theoffcuts.org, Trent Lloyd@@lathiat, Wojciech Regula(SecuRing), Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup
Affected Software
8 affected componentsFixes available
IBM Cognos Analytics<=12.0-12.0.2
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
Cpanpm Project Cpanpm<2.35
Perl Perl<5.38.0
F5 Traffix SDC=5.1.0
5.2.0
Apple macOS Sequoia<15.2
15.2
Microsoft cbl2 perl 5.34.1-489
Microsoft cbl2 perl 5.34.1-490
Remediation
Patch Available
Patch Available
Patch Available
Event History
Apr 28, 2023
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Apr 29, 2023
Data Sourced
via NVD·12:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Jun 29, 2023
Data Sourced
via Red Hat·07:13 PM
DescriptionSeverityAffected Software
Sep 13, 2024
Advisory Published
via F5·04:22 PM
Dec 11, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Sep 4, 2025
Data Sourced
via Microsoft·05:23 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·05:23 AM
Affected Software
Updated
via Microsoft·05:23 AM
DescriptionSeverity
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-54488
- CVE-2024-54541
- CVE-2024-40864
- CVE-2024-54477
- CVE-2024-44220
- CVE-2024-54526
- CVE-2024-54527
- CVE-2024-54490
- CVE-2024-54509
- CVE-2024-54568
- CVE-2024-54529
- CVE-2024-54550
- CVE-2024-44271
- CVE-2024-54513
- CVE-2024-44300
- CVE-2024-54466
- CVE-2024-54489
- CVE-2024-54547
- CVE-2024-54519
- CVE-2024-54486
- CVE-2024-44291
- CVE-2024-54478
- CVE-2024-54499
- CVE-2024-54500
- CVE-2024-54517
- CVE-2024-54518
- CVE-2024-54522
- CVE-2024-54523
- CVE-2024-54506
- CVE-2024-54468
- CVE-2024-54507
- CVE-2024-54494
- CVE-2024-54510
- CVE-2024-44245
- CVE-2024-54531
- CVE-2024-54465
- CVE-2024-45490
- CVE-2024-54514
- CVE-2024-44225
- CVE-2024-54491
- CVE-2024-54484
- CVE-2024-54525
- CVE-2024-54536
- CVE-2024-54504
- CVE-2024-54474
- CVE-2024-54476
- CVE-2024-54530
- CVE-2024-54492
- CVE-2016-1246
- CVE-2023-31484
- CVE-2023-31486
- CVE-2023-47100
- CVE-2023-32395
- CVE-2024-54497
- CVE-2024-54537
- CVE-2024-44246
- CVE-2024-54542
- CVE-2024-54559
- CVE-2024-54501
- CVE-2024-54557
- CVE-2024-54516
- CVE-2024-54515
- CVE-2024-54528
- CVE-2024-54524
- CVE-2024-54498
- CVE-2024-54493
- CVE-2024-54533
- CVE-2024-44243
- CVE-2024-44224
- CVE-2024-54495
- CVE-2024-54549
- CVE-2024-54475
- CVE-2024-54520
- CVE-2024-45306
- CVE-2024-54485
- CVE-2024-54479
- CVE-2024-54502
- CVE-2024-54508
- CVE-2024-54505
- CVE-2024-54534
- CVE-2024-54543
- CVE-2024-54539
- CVE-2024-54565
Frequently Asked Questions
1
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-31484.
2
What is the severity of CVE-2023-31484?
The severity of CVE-2023-31484 is high with a CVSS score of 8.1.
3
What is the affected software for CVE-2023-31484?
The affected software for CVE-2023-31484 includes CPAN.pm versions up to and excluding 2.35 and Perl versions up to and excluding 5.38.0.
4
What is the description of CVE-2023-31484?
CVE-2023-31484 is a vulnerability in CPAN.pm that allows an attacker to download distributions over HTTPS without verifying the TLS certificates.
5
How can I fix CVE-2023-31484?
To fix CVE-2023-31484, it is recommended to update CPAN.pm to a version 2.35 or higher.