Headline
CVE-2022-44542: Perl storable (pst) files security fix
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.
Bug 865631 - <app-text/lesspipe-2.06: Perl storable (pst) files security fix
Summary: <app-text/lesspipe-2.06: Perl storable (pst) files security fix
Status:
IN_PROGRESS
Alias:
None
Product:
Gentoo Security
Classification:
Unclassified
Component:
Vulnerabilities (show other bugs)
Hardware:
All Linux
Importance:
Normal normal (vote)
Assignee:
Gentoo Security
URL:
Whiteboard:
B2 [glsa]
Keywords:
Depends on:
872749
Blocks:
Show dependency tree
Reported:
2022-08-18 02:58 UTC by Sam James
Modified:
2022-10-31 15:37 UTC (History)
CC List:
1 user (show)
See Also:
Package list:
Runtime testing required:
—
Attachments
Add an attachment (proposed patch, testcase, etc.)
Note You need to log in before you can comment on or make changes to this bug.
Related news
Gentoo Linux Security Advisory 202211-2 - A vulnerability has been found in lesspipe which could result in arbitrary code execution. Versions less than 2.06 are affected.