Login Sign Up

CVE-2022-48623

9.1 CRITICAL
Denial of Service

📋 TL;DR

CVE-2022-48623 is an out-of-bounds read vulnerability in Cpanel::JSON::XS Perl package versions before 4.33. Attackers can exploit this to read sensitive memory contents or cause denial of service by crashing applications. This affects any Perl application using vulnerable versions of this JSON parsing library.

💻 Affected Systems

Products:
  • Cpanel::JSON::XS Perl package
Versions: All versions before 4.33
Operating Systems: All operating systems running Perl
Default Config Vulnerable: ⚠️ Yes
Notes: Any Perl application using Cpanel::JSON::XS for JSON parsing is vulnerable. This is a library-level vulnerability affecting dependent applications.

📦 What is this software?

Cpanel\ by Rurban

View all CVEs affecting Cpanel\ →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive information from application memory including passwords, keys, or other confidential data, potentially leading to complete system compromise.

🟠

Likely Case

Denial of service through application crashes or information disclosure of adjacent memory contents.

🟢

If Mitigated

Limited impact with proper network segmentation and minimal exposure of affected systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted JSON input to vulnerable applications. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.33 and later

Vendor Advisory: https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes

Restart Required: Yes

Instructions:

1. Update Cpanel::JSON::XS to version 4.33 or later using CPAN: 'cpan Cpanel::JSON::XS'
2. Restart any Perl applications or services using the library
3. Verify the update with 'perl -MCpanel::JSON::XS -e "print $Cpanel::JSON::XS::VERSION"'

🔧 Temporary Workarounds

Input validation and sanitization

all

Implement strict input validation for JSON data before processing with Cpanel::JSON::XS

Use alternative JSON parser

all

Temporarily switch to alternative Perl JSON parsers like JSON::XS or JSON::PP

cpan JSON::XS
cpan JSON::PP

🧯 If You Can't Patch

  • Implement network-level controls to restrict access to affected applications
  • Monitor application logs for unusual JSON parsing errors or crashes

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Cpanel::JSON::XS with: perl -MCpanel::JSON::XS -e "print $Cpanel::JSON::XS::VERSION"

Check Version:

perl -MCpanel::JSON::XS -e "print $Cpanel::JSON::XS::VERSION"

Verify Fix Applied:

Verify version is 4.33 or higher using the same command

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in Perl applications
  • Unexpected application crashes during JSON processing
  • Memory access violation errors

Network Indicators:

  • Unusual JSON payloads sent to applications
  • Repeated connection attempts to JSON endpoints

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "memory violation" OR "Cpanel::JSON::XS")

📊 Metadata

CVE ID: CVE-2022-48623
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: February 13, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-48623, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)