What is the severity of CVE-2011-3597?

CVE-2011-3597 has been classified as a high severity vulnerability due to its potential for arbitrary code execution.

How do I fix CVE-2011-3597?

To fix CVE-2011-3597, update the Digest module to version 1.17 or later.

What versions of Digest are affected by CVE-2011-3597?

CVE-2011-3597 affects versions of the Digest module from 1.00 to 1.16.

Can CVE-2011-3597 lead to remote code execution?

Yes, CVE-2011-3597 can potentially allow an attacker to execute arbitrary Perl code remotely.

What is the nature of the flaw in CVE-2011-3597?

The flaw in CVE-2011-3597 is related to improper input sanitization in the Digest->new() function.

Vulnerability/
CVE-2011-3597

high

7.5

CWE

3/10/2011

13/1/2012

6/8/2024

CVE-2011-3597: Input Validation

First published: Mon Oct 03 2011(Updated: )

A flaw was reported [1] in perl Digest module's "Digest->new()" function, which did not properly sanitize input before using it in an eval() call, which could possibly be exploited to inject and execute arbitrary perl code. The flaw is fixed in version 1.17 [2] and affects at least as far back as perl 5.8.5. The following patch will correct the flaw (selectively taken from upstream's 1.16->1.17 differences): --- Digest.pm.org 2011-10-03 09:10:29.019681252 -0600 +++ Digest.pm 2011-10-03 09:11:18.630250656 -0600 @@ -35,7 +35,9 @@ sub new ($class, @args) = @$class if ref($class); no strict 'refs'; unless (exists ${"$class\::"}{"VERSION"}) { - eval "require $class"; + my $pm_file = $class . ".pm"; + $pm_file =~ s{::}{/}g; + eval { require $pm_file }; if ($@) { $err ||= $@; next; [1] <a href="https://secunia.com/advisories/46279/">https://secunia.com/advisories/46279/</a> [2] <a href="http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes">http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Digest	=1.10
Digest	=1.03
Digest	=1.07
Digest	=1.01
Digest	=1.16
Digest	=1.00
Digest	=1.06
Digest	=1.11
Digest	=1.12
Digest	=1.14
Digest	=1.09
Digest	=1.04
Digest	=1.15
Digest	=1.13
Digest	=1.02
Digest	=1.05
Digest	=1.08

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=743010

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-3597?
CVE-2011-3597 has been classified as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2011-3597?
To fix CVE-2011-3597, update the Digest module to version 1.17 or later.
What versions of Digest are affected by CVE-2011-3597?
CVE-2011-3597 affects versions of the Digest module from 1.00 to 1.16.
Can CVE-2011-3597 lead to remote code execution?
Yes, CVE-2011-3597 can potentially allow an attacker to execute arbitrary Perl code remotely.
What is the nature of the flaw in CVE-2011-3597?
The flaw in CVE-2011-3597 is related to improper input sanitization in the Digest->new() function.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/remedy
agent/references
agent/last-modified-date
agent/weakness
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2011-3597
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/gisle aas
canonical/digest
version/digest/1.10
version/digest/1.03
version/digest/1.07
version/digest/1.01
version/digest/1.16
version/digest/1.00
version/digest/1.06
version/digest/1.11
version/digest/1.12
version/digest/1.14
version/digest/1.09
version/digest/1.04
version/digest/1.15
version/digest/1.13
version/digest/1.02
version/digest/1.05
version/digest/1.08