VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 19, 2013· Updated Apr 29, 2026

CVE-2013-2145

CVE-2013-2145

Description

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

Affected products

9
  • Perlmonks/Module\3 versions
    cpe:2.3:a:perlmonks:module\:\:signature:0.70:*:*:*:*:perl:*:*+ 2 more
    • cpe:2.3:a:perlmonks:module\:\:signature:0.70:*:*:*:*:perl:*:*
    • cpe:2.3:a:perlmonks:module\:\:signature:0.71:*:*:*:*:perl:*:*
    • cpe:2.3:a:perlmonks:module\:\:signature:*:*:*:*:*:perl:*:*range: <=0.72
  • Canonical/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

Patches

2
cbd06b392a73
https://github.com/audreyt/module-signaturevia nvd-ref
commit
575f7bd6ba4c
https://github.com/audreyt/module-signaturevia nvd-ref
commit

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

8

News mentions

0

No linked articles in our index yet.