CVE-2022-4976

CVSS base score: 9.8 CRITICAL

📋 TL;DR

Archive::Unzip::Burst versions 0.01 through 0.09 for Perl ship a bundled copy of the InfoZip unzip sources that carries three known vulnerabilities: CVE-2014-8139 (heap-based buffer overflow during CRC32 verification), CVE-2014-8140 (out-of-bounds write in test_compr_eb) and CVE-2014-8141 (out-of-bounds read in getZip64Data). All three are memory-corruption bugs triggered while parsing a crafted ZIP archive. An attacker who can get an affected application to extract such an archive can crash the Perl process or potentially execute code with its privileges. Any Perl application that uses this module on untrusted archives is affected.

💻 Affected Systems

Products:
  • Archive::Unzip::Burst
Versions: 0.01 through 0.09
Operating Systems: All platforms running Perl
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is the bundled InfoZip C source compiled into the module's XS extension, so the memory-corruption bugs execute inside the Perl interpreter's own process. Any Perl application that passes attacker-controlled ZIP files to Archive::Unzip::Burst is exposed.

⚠️ Manual Verification Required

Automated scanners may not flag this CVE: the CVE record does not supply version ranges in a form that CPE-matching scanners act on, so a scanner matching on CPEs has nothing to match. The affected range is known from the advisory itself (0.01 through 0.09), so check the installed version by hand as described under How to Verify.

Recommended Actions:
  1. Review the CVE details at NVD and the CPAN RT ticket linked under Fix & Mitigation
  2. Check the installed module version (see How to Verify)
  3. Confirm whether the application passes untrusted archives to the module
  4. Update to 0.10 or later; if that is not possible, apply the workarounds below

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

A crash of the Perl process (denial of service) on a crafted archive; code execution with the privileges of that process if the heap corruption proves exploitable in the deployed build.

🟢

If Mitigated

No impact if the module is not used. Reduced impact if archives are parsed and validated with a different library before extraction; such pre-validation narrows the attack surface but cannot guarantee that an input triggering the InfoZip parser bugs is caught.

🌐 Internet-Facing: HIGH if the application processes user-uploaded ZIP files from untrusted sources.
🏢 Internal Only: MEDIUM if internal users can upload ZIP files; LOW if usage is restricted.

🎯 Exploit Status

Public PoC: ⚠️ Yes (crash-triggering archives for the underlying InfoZip bugs were published with the 2014 advisories)
Weaponized: No known weaponized exploit; the public material demonstrates crashes, not a working code-execution chain
Unauthenticated Exploit: ⚠️ Yes, where the application accepts archives from unauthenticated users
Complexity: LOW

Exploitation only requires getting the application to extract an attacker-supplied ZIP file; no credentials or interaction beyond the upload path are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.10 or later

Vendor Advisory: https://rt.cpan.org/Public/Bug/Display.html?id=143547

Restart Required: Yes for long-running Perl processes (mod_perl, PSGI/FastCGI workers, daemons); the old XS object stays loaded until they are restarted.

Instructions:

1. Update Archive::Unzip::Burst to version 0.10 or later from CPAN: cpan Archive::Unzip::Burst
2. Verify the update (single quotes keep the shell from expanding the Perl variable): perl -MArchive::Unzip::Burst -e 'print $Archive::Unzip::Burst::VERSION, "\n"'
3. Restart any process that had the old version loaded.

🔧 Temporary Workarounds

Disable or remove Archive::Unzip::Burst

all

Uninstall the module, or change the application so that it no longer extracts archives with it. If the module came from a distribution package, remove it with the system package manager instead; with cpanminus:

cpanm --uninstall Archive::Unzip::Burst

Use alternative ZIP library

all

Replace Archive::Unzip::Burst with Archive::Zip, a pure-Perl implementation that does not bundle the InfoZip C sources. It is not a drop-in replacement: path handling (zip-slip), symlink entries and size limits remain the application's responsibility.

cpan Archive::Zip

🧯 If You Can't Patch

  • Only extract archives that come from authenticated, accountable sources; never pass anonymous uploads to the module.
  • Parse and validate each archive with a different library (for example Archive::Zip) before extraction: reject absolute or traversing paths, symlink entries, oversized or extremely compressed entries, and archives that fail to parse. This narrows the attack surface but does not guarantee that an input triggering the InfoZip parser bugs is caught.
  • Run the extracting process with the least privilege and the tightest resource limits you can, so a crash or code execution stays contained.
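The following is an added example written for this page, not code from the Archive::Unzip::Burst distribution or the CPAN ticket. It implements the "use a different library and validate before extraction" workaround: a small extractor built on Archive::Zip that checks every central-directory entry for zip-slip paths, symlink members, entry and total size, and compression ratio before writing anything, then extracts member by member under the destination directory. The limit values, the function names safe_unzip and validate_zip, and the vulnerable one-line call shown in the header comment are assumptions chosen for illustration.

```perl
#!/usr/bin/env perl
# Added example (not part of the Archive::Unzip::Burst distribution).
# A validating extractor on Archive::Zip (pure Perl, no bundled InfoZip),
# intended to stand in for a call such as
#     Archive::Unzip::Burst::unzip($zipfile, $destdir);   # vulnerable path
# The limits below are assumed policy values; tune them for the application.
use strict;
use warnings;
use Archive::Zip qw(:ERROR_CODES);
use File::Spec;
use File::Path qw(make_path);
use File::Basename qw(dirname);

my $MAX_ENTRIES     = 1_000;
my $MAX_ENTRY_BYTES = 50 * 1024 * 1024;    # per entry, uncompressed
my $MAX_TOTAL_BYTES = 200 * 1024 * 1024;   # whole archive, uncompressed
my $MAX_RATIO       = 100;                 # uncompressed:compressed, zip-bomb guard

# Check every central-directory entry before any byte is written to disk.
# Returns the number of members; dies with a reason on the first violation.
sub validate_zip {
    my ($zip) = @_;
    my @members = $zip->members;
    die "too many entries (" . scalar(@members) . ")\n" if @members > $MAX_ENTRIES;

    my $total = 0;
    for my $m (@members) {
        my $name = $m->fileName;
        # Absolute paths, drive letters, NUL bytes and '..' components are
        # the zip-slip primitives; refuse them outright.
        die "unsafe path: $name\n"
            if $name =~ m{^[/\\]}
            || $name =~ m{^[A-Za-z]:}
            || $name =~ /\0/
            || grep { $_ eq '..' } split m{[/\\]}, $name;
        # Symlink members can redirect later writes outside the destination.
        die "symlink entry refused: $name\n"
            if $m->can('isSymbolicLink') && $m->isSymbolicLink;

        my ($u, $c) = ($m->uncompressedSize, $m->compressedSize);
        die "entry too large: $name ($u bytes)\n" if $u > $MAX_ENTRY_BYTES;
        die "suspicious compression ratio: $name\n" if $c > 0 && $u / $c > $MAX_RATIO;
        $total += $u;
        die "archive expands past $MAX_TOTAL_BYTES bytes\n" if $total > $MAX_TOTAL_BYTES;
    }
    return scalar @members;
}

# Validate the whole archive first, then extract member by member under $destdir.
sub safe_unzip {
    my ($zipfile, $destdir) = @_;
    my $zip = Archive::Zip->new;
    $zip->read($zipfile) == AZ_OK or die "not a readable ZIP: $zipfile\n";
    my $count = validate_zip($zip);

    my $root = File::Spec->rel2abs($destdir);
    make_path($root);
    for my $m ($zip->members) {
        my @parts  = grep { length } split m{[/\\]}, $m->fileName;
        my $target = File::Spec->catfile($root, @parts);
        # Belt and braces: the resolved target must still sit under $root.
        die "escaped destination: $target\n"
            unless $target eq $root || index($target, $root . '/') == 0;
        if ($m->isDirectory) { make_path($target); next; }
        make_path(dirname($target));
        $m->extractToFileNamed($target) == AZ_OK
            or die "extraction failed: " . $m->fileName . "\n";
    }
    return $count;
}

# Usage: perl safe_unzip.pl upload.zip /var/app/extract
if (!caller) {
    my ($zipfile, $destdir) = @ARGV;
    die "usage: $0 ZIPFILE DESTDIR\n" unless defined $zipfile && defined $destdir;
    my $n = safe_unzip($zipfile, $destdir);
    print "extracted $n entries into $destdir\n";
}
```

Two caveats for anyone adopting this. The size and ratio checks read the sizes recorded in the central directory, which the attacker wrote; they stop accidental and lazy zip bombs but not a deliberately lying header, so hard limits still belong in the environment (a disk quota on the extraction directory, ulimit or a cgroup on the worker). The path check is written for Unix separators; on Windows the containment test should compare on backslashes and case-insensitively.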

🔍 How to Verify

Check if Vulnerable:

Print the installed version and check whether it falls in 0.01 through 0.09. Use single quotes around the Perl code: inside double quotes the shell expands $Archive before Perl sees it, so the version is never printed.

Check Version:

perl -MArchive::Unzip::Burst -e 'print $Archive::Unzip::Burst::VERSION, "\n"'

Verify Fix Applied:

After the update, run the same command and confirm the version is 0.10 or higher, or let Perl do the comparison and check the exit status:

perl -M'Archive::Unzip::Burst 0.10' -e 1 && echo fixed

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults, "Out of memory" errors or abrupt worker exits during ZIP extraction (the InfoZip bugs corrupt memory inside the Perl interpreter process)
  • Unexpected child processes or outbound connections from Perl scripts that extract archives

Network Indicators:

  • Inbound transfers of ZIP files to vulnerable applications

SIEM Query:

source="application.log" AND ("Archive::Unzip::Burst" OR "zip extraction error")
