CVE-2024-22368

{"id": "CVE-2024-22368", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-01-09T09:15:42.910", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/01/10/2", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6R7NYWVVZYDZIQC5YEXNHZM6VEE26SJV/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNJVC4C5C5V44DNOZ5BHVU53CDXPB2OJ/", "source": "cve@mitre.org"}, {"url": "https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/10/2", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6R7NYWVVZYDZIQC5YEXNHZM6VEE26SJV/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNJVC4C5C5V44DNOZ5BHVU53CDXPB2OJ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells."}, {"lang": "es", "value": "El paquete Spreadsheet::ParseXLSX anterior a 0.28 para Perl puede encontrar una condici\u00f3n de falta de memoria durante el an\u00e1lisis de un documento XLSX manipulado. Esto ocurre porque la implementaci\u00f3n de memoize no tiene restricciones apropiadas en las celdas fusionadas."}], "lastModified": "2024-11-21T08:56:08.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tozt:spreadsheet\\:\\:parsexlsx:*:*:*:*:*:perl:*:*", "vulnerable": true, "matchCriteriaId": "6B156CF4-537A-4244-A107-0C4C05BAFDCC", "versionEndExcluding": "0.28"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}