CVE-2023-47038

Name
CVE-2023-47038
Description
A vulnerability was found in Perl. The issue occurs when Perl compiles a crafted regular expression, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
NVD Severity
unknown

References

| Type | URI |
|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-47038 |
| secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/ |
| secalert@redhat.com | https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2228 |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:3128 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:perl:perl:5.34.0:*:*:*:*:*:*:* | perl | == None | == 5.34.0 |
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | enterprise_linux | == None | == 8.0 |
| cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* | enterprise_linux | == None | == 9.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| perl | 3.18-main | 5.36.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| perl | 3.17-main | 5.36.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| perl | 3.16-main | 5.34.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| perl | 3.15-main | 5.34.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |