CVE-2021-36770 in Middleware Common Libraries and Toolsinfo

Summary

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

07/17/2021

Disclosure

08/12/2021

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
218719	Oracle Middleware Common Libraries and Tools Third Party Patch uncontrolled search path	427	Not defined	Official fix	CVE-2021-36770
180668	Encode.pm ConfigLocal uncontrolled search path	427	Not defined	Official fix	CVE-2021-36770

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!