DEBIAN-CVE-2021-36770

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-36770

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-36770.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-36770

Upstream

CVE-2021-36770

Published

2021-08-11T23:15:07Z

Modified

2025-09-19T07:31:42.811253Z

Summary

[none]

Details

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.

References

https://security-tracker.debian.org/tracker/CVE-2021-36770

Affected packages

Debian:11

libencode-perl

Package

Name: libencode-perl
Purl: pkg:deb/debian/libencode-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.08-1+deb11u1

Affected versions

3.*

3.08-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.32.1-4+deb11u1

Affected versions

5.*

5.32.1-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

libencode-perl

Package

Name: libencode-perl
Purl: pkg:deb/debian/libencode-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.08-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.32.1-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

libencode-perl

Package

Name: libencode-perl
Purl: pkg:deb/debian/libencode-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.08-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.32.1-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

libencode-perl

Package

Name: libencode-perl
Purl: pkg:deb/debian/libencode-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.08-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.32.1-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}