Description
A vulnerability was found in perl 5.30.0 through 5.38.0. The issue occurs when perl compiles a crafted regular expression, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
References (14)
Core References
Mailing List, Patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
Vendor Advisory
https://ubuntu.com/security/CVE-2023-47100
Various Sources
https://github.com/aquasecurity/trivy/discussions/8400
Various Sources
https://www.suse.com/security/cve/CVE-2023-47100.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
Vendor Advisory
https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2228
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3128
Broken Link, Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-47038
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2249523
Scores
CVSS v3
7.0
EPSS
0.0011
EPSS Percentile
29.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-122
CWE-787
Status
published
Products (6)
fedoraproject/fedora
39
perl/perl
5.30.0 - 5.38.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
redhat/enterprise_linux_aus
9.4
redhat/enterprise_linux_eus
9.4
Published
Dec 18, 2023
Tracked Since
Feb 18, 2026