Vulnerability DatabaseCVE-2023-47038
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-47038
December 18, 2023
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Related Resources (17)
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://github.com/aquasecurity/trivy/discussions/8400
https://access.redhat.com/errata/RHSA-2024:3128
https://bugzilla.redhat.com/show_bug.cgi?id=2249523
https://access.redhat.com/errata/RHSA-2024:2228
https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
https://www.suse.com/security/cve/CVE-2023-47100.html
https://ubuntu.com/security/CVE-2023-47100
https://security.alpinelinux.org/vuln/CVE-2023-47038
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://access.redhat.com/security/cve/CVE-2023-47038
https://security-tracker.debian.org/tracker/CVE-2023-47038
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://seclists.org/oss-sec/2023/q4/255
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Heap-based Buffer Overflow
CWE-122
Out-of-bounds Write
CWE-787
EPSS
Base Score:
0.11