CVE-2023-47038

Severity High · CVSS 3.1 7.8 · EPSS 53.0%
Published Dec 18, 2023 (2y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

A vulnerability was found in perl 5.30.0 through 5.38.0. The issue occurs when perl compiles a crafted regular expression, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability 53.0% percentile
Exploit & Patch Status No Known Exploit; Patch Available

Weaknesses 2

CWE-122
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 6

Vendor         Product               Version  Range
perl           perl                  *        ≥5.30.0 – ≤5.38.0
fedoraproject  fedora                39       any
redhat         enterprise_linux      8.0      any
redhat         enterprise_linux      9.0      any
redhat         enterprise_linux_aus  9.4      any
redhat         enterprise_linux_eus  9.4      any

References 14

  • access.redhat.com https://access.redhat.com/errata/RHSA-2024:2228
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2024:3128
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2023-47038
    Broken Link, Third Party Advisory
  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
    Mailing List, Patch
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2249523
    Issue Tracking, Third Party Advisory
  • github.com https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
  • github.com https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
  • github.com https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
  • github.com https://github.com/aquasecurity/trivy/discussions/8400
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
    Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/
  • perldoc.perl.org https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
    Vendor Advisory
  • ubuntu.com https://ubuntu.com/security/CVE-2023-47100
  • suse.com https://www.suse.com/security/cve/CVE-2023-47100.html

Remediation

  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
    Mailing List, Patch