CVE-2023-7101
📋 TL;DR
CVE-2023-7101 is an arbitrary code execution vulnerability in version 0.65 of the Spreadsheet::ParseExcel Perl module. Attackers can execute arbitrary Perl code by crafting a malicious Excel file whose number-format strings reach Perl's string eval without validation. Any application that uses this module to parse untrusted Excel files is affected.
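The root cause is the classic "data compiled as code" defect: a string read from the file is spliced into Perl source and handed to string eval. As an added illustration (this is not Spreadsheet::ParseExcel's code and not the vendor's fix), the Perl below places that unsafe pattern next to a hardened formatter that checks the format against an allowlist and calls sprintf directly, so file content is never compiled; the function names, the regex and the sample inputs are this example's own assumptions.

```perl
#!/usr/bin/env perl
# Added illustration of the defect class behind CVE-2023-7101 (untrusted
# format string reaching Perl's string eval) beside a hardened formatter.
# NOT Spreadsheet::ParseExcel's code; names, regex and inputs are assumptions.
use strict;
use warnings;

# UNSAFE pattern: the format string taken from the spreadsheet is spliced
# into source text that eval compiles, so it is treated as code, not data.
sub format_number_unsafe {
    my ($fmt, $value) = @_;
    my $out = eval "sprintf('$fmt', \$value)";   # string eval on file-controlled data
    return defined $out ? $out : "eval failed: $@";
}

# Hardened pattern: never compile data. Accept only a single numeric printf
# conversion (optional flag, width, precision) and call sprintf directly;
# anything else is refused before it can influence control flow.
sub format_number_safe {
    my ($fmt, $value) = @_;
    return unless defined $fmt
        && $fmt =~ /\A%[-+ 0#]?\d{0,3}(?:\.\d{0,3})?[dfeEgG]\z/;
    return sprintf($fmt, $value);
}

# Constructed inputs: two legitimate formats and two strings a file could
# carry that are not numeric conversions at all.
my @cases = (
    [ '%.2f',     3.14159 ],
    [ '%05d',     42      ],
    [ '0.00E+00', 12345   ],                         # Excel-style, not printf; refused
    [ q{%.2f'); die("should never run"); ('}, 1 ],  # quote-breaking string; refused
);

for my $case (@cases) {
    my ($fmt, $value) = @$case;
    my $safe = format_number_safe($fmt, $value);
    printf "%-40s -> %s\n", $fmt, defined $safe ? $safe : 'REJECTED';
}

# For legitimate input both paths agree, so the hardening costs nothing:
print "unsafe path on '%.2f': ", format_number_unsafe('%.2f', 3.14159), "\n";
```

The demo only ever feeds the unsafe function a benign format; the point of the allowlist is that the two refused strings never get near eval at all, which is the property the patched module restores.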
💻 Affected Systems
- Spreadsheet::ParseExcel Perl module
📦 What is this software?
Fedora by Fedoraproject
Spreadsheet::ParseExcel by Jmcnamara
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the application parsing the Excel file, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Remote code execution on servers processing user-uploaded Excel files, leading to application compromise and potential data breach.
If Mitigated
Limited impact if proper input validation and sandboxing are in place, though the eval vulnerability remains dangerous.
🎯 Exploit Status
Proof-of-concept exploit code is publicly available, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 0.66 or later
Vendor Advisory: https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc
Restart Required: No
Instructions:
1. Update Spreadsheet::ParseExcel using CPAN: cpan Spreadsheet::ParseExcel
2. Or manually install version 0.66+: cpanm Spreadsheet::ParseExcel@0.66
3. Verify installation with: perl -MSpreadsheet::ParseExcel -e 'print $Spreadsheet::ParseExcel::VERSION'
🔧 Temporary Workarounds
Input validation and sanitization
Implement strict validation of Excel file inputs before passing them to ParseExcel
Sandbox parsing environment
Run Excel parsing in isolated containers or restricted environments
🧯 If You Can't Patch
- Disable Excel file upload/processing functionality entirely
- Implement strict file type validation and only allow trusted sources
🔍 How to Verify
Check if Vulnerable:
Check whether Spreadsheet::ParseExcel version 0.65 is installed: perl -MSpreadsheet::ParseExcel -e 'print $Spreadsheet::ParseExcel::VERSION'
Check Version:
perl -MSpreadsheet::ParseExcel -e 'print $Spreadsheet::ParseExcel::VERSION'
Verify Fix Applied:
Verify version is 0.66 or higher using same command
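The one-liner above only reports on whichever perl is first in PATH. As an added check script (not part of the advisory or the module; the 0.66 threshold comes from the fix information above, the exit codes are this script's own convention), the Perl below loads the module, prints where it was loaded from, compares the version with version.pm, and exits non-zero when the installed release is below 0.66.

```perl
#!/usr/bin/env perl
# Added check script for CVE-2023-7101 (not from the advisory or the module).
# Reports whether the Spreadsheet::ParseExcel visible to THIS interpreter is
# at or above 0.66, the first fixed release named in the advisory.
use strict;
use warnings;
use version;

my $FIXED = version->parse('0.66');   # threshold from the advisory

# Load the module without dying if it is absent; an absent module is not
# vulnerable, but say so explicitly instead of printing nothing.
my $loaded = eval { require Spreadsheet::ParseExcel; 1 };
if ( !$loaded ) {
    print "Spreadsheet::ParseExcel is not installed for $^X\n";
    exit 0;
}

my $installed = version->parse( $Spreadsheet::ParseExcel::VERSION );
my $path      = $INC{'Spreadsheet/ParseExcel.pm'};   # file actually loaded

printf "interpreter: %s\nmodule path: %s\nversion:     %s\n",
    $^X, $path, $installed->stringify;

if ( $installed < $FIXED ) {
    print "VULNERABLE: CVE-2023-7101 (need $FIXED or later)\n";
    exit 1;   # non-zero so a fleet-wide job can flag the host
}
print "OK: at or above $FIXED\n";
exit 0;
```

Run it once per perl interpreter on the host (system perl, perlbrew or plenv builds, a perl bundled with the application), because %INC and $^X only describe the interpreter that executes the script; a patched system perl says nothing about a vendored copy of the module under an application's own lib directory.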
📡 Detection & Monitoring
Log Indicators:
- Unusual Perl process execution patterns
- Excel file parsing errors with eval failures
- Unexpected system commands from Perl processes
Network Indicators:
- Outbound connections from Perl processes to unexpected destinations
- File uploads containing Excel files with unusual patterns
SIEM Query:
process.name:perl AND (process.cmdline:*ParseExcel* OR process.cmdline:*spreadsheet*)
🔗 References
- http://www.openwall.com/lists/oss-security/2023/12/29/4
- https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc
- https://metacpan.org/dist/Spreadsheet-ParseExcel
- https://www.cve.org/CVERecord?id=CVE-2023-7101
- https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/
- https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7101