7.8

CVE-2023-47038

Perl: write past buffer end via illegal user-defined unicode property

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerlPerl Version >= 5.30.0 <= 5.38.0
FedoraprojectFedora Version39
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Aus Version9.4
RedhatEnterprise Linux Eus Version9.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.83% 0.528
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://access.redhat.com/errata/RHSA-2024:2228
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3128
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-47038
Third Party Advisory
Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
Patch
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=2249523
Third Party Advisory
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
Third Party Advisory
https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
Vendor Advisory
https://github.com/aquasecurity/trivy/discussions/8400
https://ubuntu.com/security/CVE-2023-47100
https://www.suse.com/security/cve/CVE-2023-47100.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/