Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-47039

Good to know:

icon

Date: January 2, 2024

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

Language: C

Severity Score

Related Resources (8)

https://access.redhat.com/security/cve/CVE-2023-47039
https://github.com/Perl/perl5/commit/ba2b389c88d6ca1c20eace23ea955efe8a95bcc3
https://bugzilla.redhat.com/show_bug.cgi?id=2249525
https://nvd.nist.gov/vuln/detail/CVE-2023-47039
https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability
https://security.netapp.com/advisory/ntap-20240208-0005/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
https://www.mend.io/vulnerability-database/CVE-2023-47039

Severity Score

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

Top Fix

icon

Upgrade Version

Upgrade to version v5.34.2,v5.36.2,v5.38.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us