CVE & CISA-KEV Catalog

CVE-2023-31484

HIGHEPSS 72th pctl
8.1
CVSS v3
NVD

Description

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

How to fix

Remediation Available
perlDebian
Fixed in:5.32.1-4+deb11u4CVE-2023-31484
Fixed in:5.36.0-7+deb12u3CVE-2023-31484
Fixed in:5.38.2-2CVE-2023-31484
Fixed in:5.38.2-2CVE-2023-31484
perlRed Hat / RHEL
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perlRocky
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-CPANRed Hat / RHEL
Fixed in:0:1.9800-299.el7_9.1RHSA-2026:0079
Fixed in:0:2.18-399.el8RHSA-2024:3094
Fixed in:0:2.18-399.el8RHSA-2024:3094
Fixed in:0:2.29-3.el9RHSA-2023:6539
Fixed in:0:2.29-3.el9RHSA-2023:6539
perl-CPANRocky
Fixed in:0:1.9800-299.el7_9.1RHSA-2026:0079
Fixed in:0:2.18-399.el8RHSA-2024:3094
Fixed in:0:2.18-399.el8RHSA-2024:3094
Fixed in:0:2.29-3.el9RHSA-2023:6539
Fixed in:0:2.29-3.el9RHSA-2023:6539
perl-ExtUtils-CBuilderRocky
Fixed in:1:0.28.2.6-299.el7_9.1RHSA-2026:0079
perl-ExtUtils-CBuilderRed Hat / RHEL
Fixed in:1:0.28.2.6-299.el7_9.1RHSA-2026:0079
perl-ExtUtils-EmbedRed Hat / RHEL
Fixed in:0:1.30-299.el7_9.1RHSA-2026:0079
perl-ExtUtils-EmbedRocky
Fixed in:0:1.30-299.el7_9.1RHSA-2026:0079
perl-ExtUtils-InstallRed Hat / RHEL
Fixed in:0:1.58-299.el7_9.1RHSA-2026:0079
perl-ExtUtils-InstallRocky
Fixed in:0:1.58-299.el7_9.1RHSA-2026:0079
perl-IO-ZlibRed Hat / RHEL
Fixed in:1:1.10-299.el7_9.1RHSA-2026:0079
perl-IO-ZlibRocky
Fixed in:1:1.10-299.el7_9.1RHSA-2026:0079
perl-Locale-Maketext-SimpleRocky
Fixed in:1:0.21-299.el7_9.1RHSA-2026:0079
perl-Locale-Maketext-SimpleRed Hat / RHEL
Fixed in:1:0.21-299.el7_9.1RHSA-2026:0079
perl-Module-CoreListRed Hat / RHEL
Fixed in:1:2.76.02-299.el7_9.1RHSA-2026:0079
perl-Module-CoreListRocky
Fixed in:1:2.76.02-299.el7_9.1RHSA-2026:0079
perl-Module-LoadedRocky
Fixed in:1:0.08-299.el7_9.1RHSA-2026:0079
perl-Module-LoadedRed Hat / RHEL
Fixed in:1:0.08-299.el7_9.1RHSA-2026:0079
perl-Object-AccessorRed Hat / RHEL
Fixed in:1:0.42-299.el7_9.1RHSA-2026:0079
perl-Object-AccessorRocky
Fixed in:1:0.42-299.el7_9.1RHSA-2026:0079
perl-Package-ConstantsRocky
Fixed in:1:0.02-299.el7_9.1RHSA-2026:0079
perl-Package-ConstantsRed Hat / RHEL
Fixed in:1:0.02-299.el7_9.1RHSA-2026:0079
perl-Pod-EscapesRed Hat / RHEL
Fixed in:1:1.04-299.el7_9.1RHSA-2026:0079
perl-Pod-EscapesRocky
Fixed in:1:1.04-299.el7_9.1RHSA-2026:0079
perl-Time-PieceRed Hat / RHEL
Fixed in:0:1.20.1-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:0:1.20.1-299.el7_9.1RHSA-2026:0079
Fixed in:0:1.20.1-299.el7_9.1RHSA-2026:0079
Fixed in:0:1.20.1-299.el7_9.1RHSA-2026:0079
perl-Time-PieceRocky
Fixed in:0:1.20.1-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:0:1.20.1-299.el7_9.1RHSA-2026:0079
Fixed in:0:1.20.1-299.el7_9.1RHSA-2026:0079
Fixed in:0:1.20.1-299.el7_9.1RHSA-2026:0079
perl-coreRocky
Fixed in:0:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:0:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:0:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:0:5.16.3-299.el7_9.1RHSA-2026:0079
perl-coreRed Hat / RHEL
Fixed in:0:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:0:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:0:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:0:5.16.3-299.el7_9.1RHSA-2026:0079
perl-debuginfoRed Hat / RHEL
Fixed in:4:5.16.3-299.el7_9.1.ppcRHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.s390RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-debuginfoRocky
Fixed in:4:5.16.3-299.el7_9.1.ppcRHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.s390RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-develRed Hat / RHEL
Fixed in:4:5.16.3-299.el7_9.1.s390RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppcRHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-develRocky
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppcRHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.s390RHSA-2026:0079
perl-libsRocky
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppcRHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.s390RHSA-2026:0079
perl-libsRed Hat / RHEL
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppcRHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.s390RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-macrosRed Hat / RHEL
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-macrosRocky
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
perl-testsRed Hat / RHEL
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perl-testsRocky
Fixed in:4:5.16.3-299.el7_9.1.ppc64RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
Fixed in:4:5.16.3-299.el7_9.1RHSA-2026:0079
perlUbuntu
Fixed in:5.18.2-2ubuntu1.7+esm5USN-6112-1
Fixed in:5.22.1-9ubuntu0.9+esm2USN-6112-1
Fixed in:5.26.1-6ubuntu0.7USN-6112-1
Fixed in:5.30.0-9ubuntu0.4USN-6112-2
Fixed in:5.34.0-3ubuntu1.2USN-6112-2
Fixed in:5.34.0-5ubuntu1.2USN-6112-2
Fixed in:5.36.0-7ubuntu0.23.04.1USN-6112-2
Strawberry PerlWindows application
Affected:5.38.0Fixed in:5.38.0strawberryperl.com project

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

1.56%probability of exploitation in 30 days
72ndpercentile

Elevated risk: more likely to be exploited than 72% of all known CVEs.

References

Related Vulnerabilities

Other CWE-295 (Improper Certificate Validation) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2015-4000Low3.7100%-Fix
CVE-2020-0601High8.189%KEVFix
CVE-2009-3555Critical9.887%-Fix
CVE-2022-26923High8.883%KEVFix
CVE-2023-27823Critical9.853%--
CVE-2022-42979High8.824%--
Embed a live status badge for CVE-2023-31484
CVE-2023-31484 severity badge

Markdown

[![CVE-2023-31484](https://tridentstack.com/cve/badge/CVE-2023-31484.svg)](https://tridentstack.com/cve/CVE-2023-31484)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-31484"><img src="https://tridentstack.com/cve/badge/CVE-2023-31484.svg" alt="CVE-2023-31484"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-03.