CVE-2024-22368

Published: 09/01/2024 Updated: 05/05/2024

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

The Spreadsheet::ParseXLSX package prior to 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tozt spreadsheet\\ \\

Hi, Đình Hải Lê discovered that the Perl module Spreadsheet::ParseXLSX 027 (and earlier) is vulnerable to denial of service attack via out-of-memory bugs when parsing a crafted XLSX file Users are advised to upgrade to 028 or later Fixed Version: metacpanorg/release/NUDDLEGG/Spreadsheet-ParseXLSX-028 References: cvem ...

NVD-CWE-noinfo https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes http://www.openwall.com/lists/oss-security/2024/01/10/2 https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNJVC4C5C5V44DNOZ5BHVU53CDXPB2OJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6R7NYWVVZYDZIQC5YEXNHZM6VEE26SJV/https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html https://nvd.nist.gov https://seclists.org/oss-sec/2024/q1/17

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-22368

Vulnerability Summary

Mailing Lists

References

Vulmon Search

About

Products

Connect