CVE-2011-10043

NameCVE-2011-10043
DescriptionModule::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
perl (PTS)bullseye5.32.1-4+deb11u3fixed
bullseye (security)5.32.1-4+deb11u5fixed
bookworm5.36.0-7+deb12u3fixed
bookworm (security)5.36.0-7+deb12u2fixed
trixie5.40.1-6fixed
forky, sid5.40.1-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
perlsource(unstable)5.18.1-2

Notes

https://lists.security.metacpan.org/cve-announce/msg/41608305/

Search for package or bug name: Reporting problems