CVE-2023-47038

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-755 — Improper Exception Handling11 documents8 sources

Severity

7.8HIGH

EPSS

0.1%

top 71.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Perl Fedoraproject Fedora Redhat Enterprise Linux +2 more

Timeline

PublishedDec 18

Latest updateDec 30

Description

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶Debianperl< 5.32.1-4+deb11u3+3

▶NVDperl/perl5.30.0 — 5.38.0

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0, 9.4

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-96fh-9q43-rmjh: A vulnerability was found in perl↗2023-12-30

▶

OSV

CVE-2023-47038: A vulnerability was found in perl 5↗2023-12-18

▶

CVEList

Perl: write past buffer end via illegal user-defined unicode property↗2023-12-18

▶

OSV

perl vulnerabilities↗2023-11-27

▶

📋Vendor Advisories

Red Hat

perl: Perl security bypass↗2023-12-03

▶

BSD

OpenBSD 7.3 Errata 021: SECURITY FIX↗2023-11-29

▶

BSD

OpenBSD 7.4 Errata 007: SECURITY FIX↗2023-11-29

▶

Ubuntu

Perl vulnerabilities↗2023-11-27

▶

Red Hat

perl: Write past buffer end via illegal user-defined Unicode property↗2023-11-25

▶