CVE-2023-47038
HIGH EPSS 53.0%
Published Dec 18, 2023 (2y ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
Description
A vulnerability was found in perl 5.30.0 through 5.38.0. The issue occurs when perl compiles a crafted regular expression, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
CVSS Details
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
53.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-122 Heap-based Buffer Overflow
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 6
References 14
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:2228
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:3128
- access.redhat.com https://access.redhat.com/security/cve/CVE-2023-47038
- bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2249523
- github.com https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
- github.com https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
- github.com https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
- github.com https://github.com/aquasecurity/trivy/discussions/8400
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/
- perldoc.perl.org https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
- ubuntu.com https://ubuntu.com/security/CVE-2023-47100
- suse.com https://www.suse.com/security/cve/CVE-2023-47100.html
Remediation
- bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746