CVE-2023-47038

Name: CVE-2023-47038
Description: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| vdb-entry | https://access.redhat.com/security/cve/CVE-2023-47038 |
| secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 |
| issue-tracking | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/ |
| secalert@redhat.com | https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2024:2228 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2024:3128 |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aquasecurity/trivy/discussions/8400 |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/CVE-2023-47100 |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.suse.com/security/cve/CVE-2023-47100.html |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | shopxo | >= 5.30.0 | < 5.34.3 |
| | shopxo | >= 5.36.0 | < 5.36.3 |
| | shopxo | >= 5.38.0 | < 5.38.2 |
| cpe:/a:redhat:enterprise_linux:8::appstream | shopxo | >= 8100020240314121426.9fe1d287 | < * |
| cpe:/a:redhat:enterprise_linux:9::appstream | shopxo | >= 4:5.32.1-481.el9 | < * |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| perl | edge-main | 5.38.1-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| perl | 3.22-main | 5.38.1-r0 | None | fixed |
| perl | 3.21-main | 5.38.1-r0 | None | fixed |
| perl | 3.20-main | 5.38.1-r0 | None | fixed |
| perl | 3.19-main | 5.38.1-r0 | None | fixed |
| perl | 3.18-main | 5.36.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| perl | 3.17-main | 5.36.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |