Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-47038

Date: December 18, 2023

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

Language: C

Severity Score

Related Resources (19)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://security.alpinelinux.org/vuln/CVE-2023-47038
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://security-tracker.debian.org/tracker/CVE-2023-47038
https://www.suse.com/security/cve/CVE-2023-47100.html
https://seclists.org/oss-sec/2023/q4/255
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/
https://access.redhat.com/security/cve/CVE-2023-47038
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://bugzilla.redhat.com/show_bug.cgi?id=2249523
https://nvd.nist.gov/vuln/detail/CVE-2023-47038
https://github.com/aquasecurity/trivy/discussions/8400
https://ubuntu.com/security/CVE-2023-47100
https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
https://access.redhat.com/errata/RHSA-2024:3128
https://access.redhat.com/errata/RHSA-2024:2228
https://www.mend.io/vulnerability-database/CVE-2023-47038

Severity Score

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us