Unrated severity · NVD Advisory · Published Aug 11, 2021 · Updated Nov 3, 2025
CVE-2021-36770
Description
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
Affected products
- Perl/Encode.pm (source: description)
- Range: 3.05 <= version <= 3.11
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/ (mitre, vendor-advisory, x_refsource_FEDORA)
- github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 (mitre, x_refsource_CONFIRM)
- github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (mitre, x_refsource_CONFIRM)
- metacpan.org/dist/Encode/changes (mitre, x_refsource_CONFIRM)
- news.cpanel.com/unscheduled-tsr-10-august-2021/ (mitre, x_refsource_CONFIRM)
- security-tracker.debian.org/tracker/CVE-2021-36770 (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20210909-0003/ (mitre, x_refsource_CONFIRM)