Your submission was sent successfully! Close

CVE-2017-0373

Published: 23 May 2017

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

Priority

Medium

CVSS 3 base score: 7.3

Status

Package Release Status
libconfig-model-perl
Launchpad, Ubuntu, Debian
Upstream
Released (2.097-2)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(2.097-2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.097-2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.097-2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.097-2)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Distro: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773