
Cloud Vulnerability DB
A community-led vulnerabilities database
The Cpanel::JSON::XS package for Perl before version 4.33 contains a security vulnerability (CVE-2022-48623) that was disclosed on February 13, 2024. The package performs out-of-bounds accesses while decoding JSON, specifically when processing hash keys without proper colon delimiters (Debian Tracker, NVD).
The flaw is in the package's JSON parsing code: a hash key that lacks a proper colon delimiter makes the decoder access memory out of bounds, which could lead to memory access violations. Version 4.33 fixes this with a patch that corrects the decode out-of-bounds behavior (GitHub Commit).
When exploited, this vulnerability allows attackers to obtain sensitive information or cause a denial of service condition. The issue has a CVSS 3.1 score of 9.1 (Critical) (Ubuntu Security).
The primary mitigation is to upgrade Cpanel::JSON::XS to version 4.33 or later. Various Linux distributions have released fixed packages: Ubuntu has provided fixes for versions 22.04 LTS (4.27-1ubuntu0.1) and 20.04 LTS (4.19-1ubuntu0.1), while Debian has fixed versions in bookworm (4.35-1) and sid/trixie (4.39-1) (Ubuntu Security, Debian Tracker).
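The fixed versions above mean a plain "is it at least 4.33" check misreports patched Ubuntu packages as vulnerable. The script below is an added example, not part of the advisory or of the Cpanel::JSON::XS project, that classifies an installed version with the backports taken into account. The release labels, function names and sample inventory are constructed for illustration, and it assumes a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example (not from the advisory): triage Cpanel::JSON::XS versions
# for CVE-2022-48623 using only the fixed versions quoted on this page.

UPSTREAM_FIX="4.33"

# Ubuntu backported the patch, so these packages are fixed although their
# upstream number is below 4.33. Release labels are this script's own.
backport_fix() {
    case "$1" in
        ubuntu-22.04) echo "4.27-1ubuntu0.1" ;;
        ubuntu-20.04) echo "4.19-1ubuntu0.1" ;;
        *) return 1 ;;
    esac
}

# version_ge A B: succeeds when A >= B. Uses sort -V, which approximates
# dpkg ordering and is sufficient for the version strings handled here.
version_ge() {
    [ "$1" = "$2" ] && return 0
    vg_low=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)
    [ "$vg_low" = "$2" ]
}

# classify SOURCE VERSION: prints "fixed" or "vulnerable".
classify() {
    cl_up=${2#*:}        # drop a dpkg epoch such as "1:"
    cl_up=${cl_up%-*}    # drop the distro revision, leaving the upstream part
    if version_ge "$cl_up" "$UPSTREAM_FIX"; then echo fixed; return 0; fi
    if cl_fix=$(backport_fix "$1") && version_ge "$2" "$cl_fix"; then
        echo fixed; return 0
    fi
    echo vulnerable
}

# Constructed inventory: "<source> <installed version>" per host.
while read -r src ver; do
    printf '%-16s %-18s %s\n' "$src" "$ver" "$(classify "$src" "$ver")"
done <<'EOF'
upstream 4.32
upstream 4.33
ubuntu-22.04 4.27-1build1
ubuntu-22.04 4.27-1ubuntu0.1
ubuntu-20.04 4.19-1
debian-bookworm 4.35-1
EOF
```

On a real host the version argument can come from `perl -MCpanel::JSON::XS -e 'print Cpanel::JSON::XS->VERSION'` for a CPAN install, or from `dpkg-query -W -f='${Version}' libcpanel-json-xs-perl` for the Debian/Ubuntu package.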
Source: This report was generated using AI