CVE-2021-36770
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-36770
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36770.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-36770
- Related
- Published
- 2021-08-11T23:15:07Z
- Modified
- 2024-12-05T15:33:01.407097Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
- References
-
- https://security.netapp.com/advisory/ntap-20210909-0003/
- https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9
- https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/
- https://metacpan.org/dist/Encode/changes
- https://news.cpanel.com/unscheduled-tsr-10-august-2021/
- https://security-tracker.debian.org/tracker/CVE-2021-36770
- https://security.alpinelinux.org/vuln/CVE-2021-36770
Affected packages
Alpine:v3.15 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.15 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Alpine:v3.16 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.16 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Alpine:v3.17 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.17 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Alpine:v3.18 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.18 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Alpine:v3.19 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.19 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Alpine:v3.20 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.20 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Alpine:v3.21 / perl-encode
Package
- Name
- perl-encode
- Purl
- pkg:apk/alpine/perl-encode?arch=source
Alpine:v3.21 / perl
Package
- Name
- perl
- Purl
- pkg:apk/alpine/perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.34.0-r1
Affected versions
5.*
5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
Debian:11 / libencode-perl
Package
- Name
- libencode-perl
- Purl
- pkg:deb/debian/libencode-perl?arch=source
Debian:12 / libencode-perl
Package
- Name
- libencode-perl
- Purl
- pkg:deb/debian/libencode-perl?arch=source
Debian:13 / libencode-perl
Package
- Name
- libencode-perl
- Purl
- pkg:deb/debian/libencode-perl?arch=source
Debian:11 / perl
Package
- Name
- perl
- Purl
- pkg:deb/debian/perl?arch=source
Debian:12 / perl
Package
- Name
- perl
- Purl
- pkg:deb/debian/perl?arch=source
Debian:13 / perl
Package
- Name
- perl
- Purl
- pkg:deb/debian/perl?arch=source
Git / github.com/dankogai/p5-encode
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dankogai/p5-encode
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/perl/perl5
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.100
2.27
2.28
2.29
2.30
2.31
2.32
2.33
2.34
2.35
2.37
2.39
2.40
2.41
2.42
2.43
2.44
2.45
2.46
2.47
2.48
2.49
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.57
2.58
2.59
2.60
2.61
2.62
2.63
2.64
2.65
2.66
2.67
2.68
2.69
2.70
2.71
2.72
2.73
2.74
2.75
2.76
2.77
2.78
2.79
2.80
2.82
2.84
2.85
2.86
2.87
2.88
2.89
2.90
2.91
2.92
2.93
2.94
2.95
2.96
2.97
2.98
2.99
3.*
3.00
3.01
3.02
3.03
3.04
3.05
3.06
3.07
3.08
3.09
3.10
3.11
Other
GitLive-blead
perl-5a2
perl-5a9
if-0.*
if-0.0602
if-0.0603
if-0.0604
if-0.0605
perl-1.*
perl-1.0
perl-2.*
perl-2.0
perl-3.*
perl-3.000
perl-3.044
perl-4.*
perl-4.0.00
perl-4.0.36
perl-5.*
perl-5.000
perl-5.000o
perl-5.001
perl-5.001n
perl-5.002
perl-5.002_01
perl-5.003
perl-5.003_01
perl-5.003_02
perl-5.003_03
perl-5.003_04
perl-5.003_05
perl-5.003_07
perl-5.003_08
perl-5.003_09
perl-5.003_10
perl-5.003_11
perl-5.003_12
perl-5.003_13
perl-5.003_14
perl-5.003_15
perl-5.003_16
perl-5.003_17
perl-5.003_18
perl-5.003_19
perl-5.003_20
perl-5.003_21
perl-5.003_22
perl-5.003_23
perl-5.003_24
perl-5.003_25
perl-5.003_26
perl-5.003_27
perl-5.003_28
perl-5.003_90
perl-5.003_91
perl-5.003_92
perl-5.003_93
perl-5.003_94
perl-5.003_95
perl-5.003_96
perl-5.003_97
perl-5.003_97a
perl-5.003_97b
perl-5.003_97c
perl-5.003_97d
perl-5.003_97e
perl-5.003_97f
perl-5.003_97g
perl-5.003_97h
perl-5.003_97i
perl-5.003_97j
perl-5.003_98
perl-5.003_99
perl-5.003_99a
perl-5.004
perl-5.004_01
perl-5.004_02
perl-5.004_03
perl-5.004_04
perl-5.005
perl-5.005_01
perl-5.005_02
perl-5.6.0
perl-5.7.0
perl-5.7.1
perl-5.7.2
perl-5.7.3
perl-5.8.0
perl-5.9.0
perl-5.9.1
perl-5.9.2
perl-5.9.3
perl-5.9.4
perl-5.9.5
v5.*
v5.10.0
v5.11.0
v5.11.1
v5.11.2
v5.11.3
v5.11.4
v5.11.5
v5.12.0
v5.12.0-RC0
v5.12.0-RC1
v5.12.0-RC2
v5.12.0-RC3
v5.12.0-RC4
v5.12.0-RC5
v5.13.0
v5.13.1
v5.13.10
v5.13.11
v5.13.2
v5.13.3
v5.13.4
v5.13.5
v5.13.6
v5.13.7
v5.13.8
v5.13.9
v5.14.0
v5.14.0-RC1
v5.14.0-RC2
v5.14.0-RC3
v5.15.0
v5.15.1
v5.15.2
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16.0
v5.16.0-RC1
v5.16.0-RC2
v5.17.0
v5.17.1
v5.17.10
v5.17.11
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.7.0
v5.17.8
v5.17.9
v5.18.0
v5.18.0-RC1
v5.18.0-RC2
v5.18.0-RC3
v5.18.0-RC4
v5.19.0
v5.19.1
v5.19.10
v5.19.11
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9
v5.20.0
v5.20.0-RC1
v5.21.0
v5.21.1
v5.21.10
v5.21.11
v5.21.2
v5.21.3
v5.21.4
v5.21.5
v5.21.6
v5.21.7
v5.21.8
v5.21.9
v5.22.0
v5.22.0-RC1
v5.22.0-RC2
v5.23.0
v5.23.1
v5.23.2
v5.23.3
v5.23.4
v5.23.5
v5.23.6
v5.23.7
v5.23.8
v5.23.9
v5.24.0
v5.24.0-RC1
v5.24.0-RC2
v5.24.0-RC3
v5.24.0-RC4
v5.24.0-RC5
v5.25.0
v5.25.1
v5.25.10
v5.25.11
v5.25.12
v5.25.2
v5.25.3
v5.25.4
v5.25.5
v5.25.6
v5.25.7
v5.25.8
v5.25.9
v5.26.0
v5.26.0-RC1
v5.26.0-RC2
v5.27.0
v5.27.1
v5.27.10
v5.27.11
v5.27.2
v5.27.3
v5.27.4
v5.27.5
v5.27.6
v5.27.7
v5.27.8
v5.27.9
v5.28.0
v5.28.0-RC1
v5.28.0-RC2
v5.28.0-RC3
v5.28.0-RC4
v5.29.0
v5.29.1
v5.29.10
v5.29.2
v5.29.3
v5.29.4
v5.29.5
v5.29.6
v5.29.7
v5.29.8
v5.29.9
v5.30.0
v5.30.0-RC1
v5.30.0-RC2
v5.31.0
v5.31.1
v5.31.10
v5.31.11
v5.31.2
v5.31.3
v5.31.4
v5.31.5
v5.31.6
v5.31.7
v5.31.8
v5.31.9
v5.32.0
v5.32.0-RC0
v5.32.0-RC1
v5.33.0
v5.33.1
v5.33.2
v5.33.3
v5.33.4
v5.33.5
v5.33.6
v5.33.7
v5.33.8
v5.33.9
v5.34.0
v5.34.0-RC1
v5.34.0-RC2
v5.35.0
v5.35.1
v5.35.2