Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2023-7101

Published: 24/12/2023 Updated: 10/06/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jmcnamara spreadsheet

debian debian linux 10.0

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Debian CVElist Bug Report Logs: libspreadsheet-parseexcel-perl: CVE-2023-7101
Debian Bug report logs - #1059450 libspreadsheet-parseexcel-perl: CVE-2023-7101 Package: src:libspreadsheet-parseexcel-perl; Maintainer for src:libspreadsheet-parseexcel-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Affects: libspreadsheet-parsexlsx-perl Reported by: Salvatore Bonaccorso <carnil@ ...
Amazon Linux AMI: ALAS-2024-1905
Spreadsheet::ParseExcel version 065 is a Perl module used for parsing Excel files Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval" Specifically, the issue stems from the evaluation of Number format strings (not to be confused with print ...

Mailing Lists

Full Disclosure: CVE-2023-7101: Spreadsheet::ParseExcel for Perl is vulnerable to arbitrary code execution
Hi, The CPAN Security WG was recently informed that the Perl module Spreadsheet::ParseExcel 065 (and earlier) is vulnerable to arbitrary code execution Users should upgrade to version 066 as soon as possible Updated Version: metacpanorg/release/JMCNAMARA/Spreadsheet-ParseExcel-066 Patch: githubcom/jmcnamara/spreadsheet-p ...

Github Repositories

https://github.com/vinzel-ops/vuln-barracuda

Vulnerability of Critical Zero-Day in Barracuda Email Security

Critical Zero-Day Flaw in Barracuda Email Security Gateway (CVE-2023-7102) Overview A severe zero-day vulnerability, designated CVE-2023-7102, has been discovered in the Barracuda Email Security Gateway This flaw enables attackers to execute arbitrary code on vulnerable systems Impact Remote code execution Possible data theft and system compromise Disruption of email service

References

CWE-94https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.mdhttps://https://www.cve.org/CVERecord?id=CVE-2023-7101https://https://metacpan.org/dist/Spreadsheet-ParseExcelhttps://https://github.com/haile01/perl_spreadsheet_excel_rce_pochttps://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171http://www.openwall.com/lists/oss-security/2023/12/29/4https://lists.debian.org/debian-lts-announce/2023/12/msg00025.htmlhttps://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bchttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059450https://nvd.nist.govhttps://github.com/vinzel-ops/vuln-barracudahttps://alas.aws.amazon.com/ALAS-2024-1905.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4541CVE-2024-3080CVE-2024-4787log injectionCVE-2024-5967injectCVE-2024-30078CVE-2024-5899
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook