Bug 1219872 (CVE-2022-48623)

Summary:	VUL-0: CVE-2022-48623: perl-Cpanel-JSON-XS: out-of-bounds accesses that could lead to leak of sensitive information or cause a denial of service
Product:	[openSUSE] openSUSE Distribution	Reporter:	SMASH SMASH <smash_bz>
Component:	Other	Assignee:	Robert Schweikert <rjschwei>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	andrea.mattiazzo
Version:	Leap 15.6
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/393841/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-02-13 09:50:03 UTC

The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48623
https://github.com/briandfoy/cpan-security-advisory/blob/9374f98bef51e1ae887f293234050551c079776f/cpansa/CPANSA-Cpanel-JSON-XS.yml#L25-L36
https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes
https://www.cve.org/CVERecord?id=CVE-2022-48623
https://github.com/rurban/Cpanel-JSON-XS/issues/208

Patch:
https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b

Comment 1 Andrea Mattiazzo 2024-02-13 09:50:38 UTC

Tracking as affected:
- openSUSE:Backports:SLE-15-SP5/perl-Cpanel-JSON-XS