Vulnerability Details CVE-2013-7284
The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.6%
CVSS Severity
CVSS v2 Score 6.8
References
- http://seclists.org/oss-sec/2014/q1/56
- http://seclists.org/oss-sec/2014/q1/62
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789
- https://bugzilla.redhat.com/show_bug.cgi?id=1030572
- https://bugzilla.redhat.com/show_bug.cgi?id=1051108
- https://rt.cpan.org/Public/Bug/Display.html?id=90474
- http://seclists.org/oss-sec/2014/q1/56
- http://seclists.org/oss-sec/2014/q1/62
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789
- https://bugzilla.redhat.com/show_bug.cgi?id=1030572
- https://bugzilla.redhat.com/show_bug.cgi?id=1051108
- https://rt.cpan.org/Public/Bug/Display.html?id=90474
Products affected by CVE-2013-7284
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2000
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2001
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2002
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2003
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2010
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2011
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2012
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2013
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2014
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2016
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2017
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2018
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2019
-
cpe:2.3:a:malcolm_nooning:pirpc:0.2020