We are following up with additional information on Perl version support after the recent patches released by the Perl Steering Committee for CVE-2023-47038 and CVE-2023-47039.
What could go wrong if you don't address these two CVEs?
CVE-2023-47038 can corrupt or crash your program. Combined with another unknown or potential vulnerability in Perl or a library running with Perl where users can inject data into your running process, it may be possible for a dedicated attacker to execute malicious code remotely.
CVE-2023-47039 can allow a hacker to execute a file remotely via cmd.exe. When Perl on Windows runs shell commands, or otherwise uses the shell, it executes a program called cmd.exe. Perl looks for this file in the current process's system path. It also looks in the running program's current working directory. An attacker who has permission to create a file in that directory can place a file named cmd.exe there.
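The search behaviour described above suggests a simple audit: report any cmd.exe that sits in a program's working directory or in a PATH directory other than the system directory. The sketch below is an added example, not code from the original email or from the Perl project. The function names, the caller-supplied trusted directory and the directory tree built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

SHELL_NAME = "cmd.exe"  # the file name the page says Perl on Windows searches for


def _norm(directory):
    # Resolve symlinks and fold case (on Windows) so the same directory compares equal.
    return os.path.normcase(os.path.realpath(directory))


def find_shadow_shells(cwd, path_value, system_dir, sep=os.pathsep):
    """Return (source, file) pairs for every cmd.exe found in cwd or in a PATH
    directory other than the trusted system_dir (assumed correct by the caller)."""
    trusted = _norm(system_dir)
    candidates = [("cwd", cwd)] + [("PATH", d) for d in path_value.split(sep) if d]
    findings, seen = [], set()
    for source, directory in candidates:
        resolved = _norm(directory)
        if resolved == trusted or resolved in seen:
            continue
        seen.add(resolved)
        try:
            names = os.listdir(resolved)
        except OSError:
            continue  # stale or unreadable PATH entry: nothing to report
        for name in names:
            full = os.path.join(resolved, name)
            # Windows file names are case-insensitive, so CMD.EXE matches too.
            if name.lower() == SHELL_NAME and os.path.isfile(full):
                findings.append((source, full))
    return findings


def demo():
    """Run the check against a constructed directory tree (sample data)."""
    root = tempfile.mkdtemp(prefix="cmd-audit-")
    system_dir = os.path.join(root, "System32")  # stands in for the real system directory
    work_dir = os.path.join(root, "app")         # the program's working directory
    tools_dir = os.path.join(root, "tools")      # an extra PATH entry with no shell in it
    for d in (system_dir, work_dir, tools_dir):
        os.makedirs(d)
    open(os.path.join(system_dir, "cmd.exe"), "w").close()  # legitimate copy
    open(os.path.join(work_dir, "CMD.EXE"), "w").close()    # unexpected copy
    path_value = os.pathsep.join([system_dir, tools_dir, os.path.join(root, "missing")])
    return find_shadow_shells(work_dir, path_value, system_dir)


if __name__ == "__main__":
    for source, path in demo():
        print(f"unexpected {SHELL_NAME} via {source}: {path}")
```

On a real host, pass the working directory of the Perl program, the PATH of the account it runs under, and the Windows system directory. Any finding deserves a look at who can write to that directory.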
But, we're here to help. Whether you intend to continue running EOL versions of Perl, or need a safety net during your upgrade process, we can help secure your Perl v5.22+ to mitigate security risks.
You are receiving this email because you signed up for the latest insights from ActiveState. This is a monthly email that shares the more popular content we've shared recently. You can access the complete library here.