UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.
The Perl UnQLite module does not use a system installation of the UnQLite library, but instead includes a copy directly in the package. The embedded version of the library is from 2014 and may contain a heap-based buffer overflow error. An attacker could potentially provide crafted input data that triggers an improper heap memory operation, leading to corruption of its contents.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely (RCE), and may also lead to breaches of confidentiality, integrity, and availability of the system — in accordance with the CVSS vector (C:H/I:H/A:H).
Update the Perl UnQLite module to version 0.07 or later, which contains an updated version of the UnQLite library. Information about the change is available in the Changes file for version 0.07 on MetaCPAN.
Perl UnQLite module (Tokuhirom/UnQLite) in version 0.06 and earlier
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTokuhirom Unqlite
APPTokuhirom< 0.07
Related vulnerabilities
Amon2 dla Perl — słabe generowanie losowości w funkcjach bezpieczeństwa
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. Th...
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabl...
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function....