OESA-2022-1549
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1549
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1549.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2022-1549
- Upstream
- Published
- 2022-03-07T11:03:34Z
- Modified
- 2025-09-03T06:17:32.648849Z
- Summary
- perl-Encode security update
- Details
-
Character encodings in Perl.
Security Fix(es):
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.(CVE-2021-36770)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / perl-Encode
Package
- Name
- perl-Encode
- Purl
- pkg:rpm/openEuler/perl-Encode&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.06-2.oe1
Ecosystem specific
{
"x86_64": [
"perl-Encode-3.06-2.oe1.x86_64.rpm",
"perl-Encode-debugsource-3.06-2.oe1.x86_64.rpm",
"perl-Encode-devel-3.06-2.oe1.x86_64.rpm",
"perl-Encode-debuginfo-3.06-2.oe1.x86_64.rpm"
],
"src": [
"perl-Encode-3.06-2.oe1.src.rpm"
],
"aarch64": [
"perl-Encode-3.06-2.oe1.aarch64.rpm",
"perl-Encode-devel-3.06-2.oe1.aarch64.rpm",
"perl-Encode-debugsource-3.06-2.oe1.aarch64.rpm",
"perl-Encode-debuginfo-3.06-2.oe1.aarch64.rpm"
],
"noarch": [
"perl-Encode-help-3.06-2.oe1.noarch.rpm"
]
}
openEuler:20.03-LTS-SP2 / perl-Encode
Package
- Name
- perl-Encode
- Purl
- pkg:rpm/openEuler/perl-Encode&distro=openEuler-20.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.06-2.oe1
Ecosystem specific
{
"x86_64": [
"perl-Encode-debuginfo-3.06-2.oe1.x86_64.rpm",
"perl-Encode-devel-3.06-2.oe1.x86_64.rpm",
"perl-Encode-debugsource-3.06-2.oe1.x86_64.rpm",
"perl-Encode-3.06-2.oe1.x86_64.rpm"
],
"src": [
"perl-Encode-3.06-2.oe1.src.rpm"
],
"aarch64": [
"perl-Encode-devel-3.06-2.oe1.aarch64.rpm",
"perl-Encode-debuginfo-3.06-2.oe1.aarch64.rpm",
"perl-Encode-debugsource-3.06-2.oe1.aarch64.rpm",
"perl-Encode-3.06-2.oe1.aarch64.rpm"
],
"noarch": [
"perl-Encode-help-3.06-2.oe1.noarch.rpm"
]
}
openEuler:20.03-LTS-SP3 / perl-Encode
Package
- Name
- perl-Encode
- Purl
- pkg:rpm/openEuler/perl-Encode&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.06-2.oe1
Ecosystem specific
{
"x86_64": [
"perl-Encode-debugsource-3.06-2.oe1.x86_64.rpm",
"perl-Encode-devel-3.06-2.oe1.x86_64.rpm",
"perl-Encode-3.06-2.oe1.x86_64.rpm",
"perl-Encode-debuginfo-3.06-2.oe1.x86_64.rpm"
],
"src": [
"perl-Encode-3.06-2.oe1.src.rpm"
],
"aarch64": [
"perl-Encode-3.06-2.oe1.aarch64.rpm",
"perl-Encode-devel-3.06-2.oe1.aarch64.rpm",
"perl-Encode-debuginfo-3.06-2.oe1.aarch64.rpm",
"perl-Encode-debugsource-3.06-2.oe1.aarch64.rpm"
],
"noarch": [
"perl-Encode-help-3.06-2.oe1.noarch.rpm"
]
}