Vulnerability Details CVE-2023-47038
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.8%
CVSS Severity
CVSS v3 Score 7.0
References
- https://access.redhat.com/errata/RHSA-2024:2228
- https://access.redhat.com/errata/RHSA-2024:3128
- https://access.redhat.com/security/cve/CVE-2023-47038
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
- https://bugzilla.redhat.com/show_bug.cgi?id=2249523
- https://access.redhat.com/errata/RHSA-2024:2228
- https://access.redhat.com/errata/RHSA-2024:3128
- https://access.redhat.com/security/cve/CVE-2023-47038
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
- https://bugzilla.redhat.com/show_bug.cgi?id=2249523
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
- https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
Products affected by CVE-2023-47038
-
cpe:2.3:a:perl:perl:5.30.0
-
cpe:2.3:a:perl:perl:5.30.1
-
cpe:2.3:a:perl:perl:5.30.2
-
cpe:2.3:a:perl:perl:5.30.3
-
cpe:2.3:a:perl:perl:5.31.0
-
cpe:2.3:a:perl:perl:5.31.1
-
cpe:2.3:a:perl:perl:5.31.10
-
cpe:2.3:a:perl:perl:5.31.11
-
cpe:2.3:a:perl:perl:5.31.2
-
cpe:2.3:a:perl:perl:5.31.3
-
cpe:2.3:a:perl:perl:5.31.4
-
cpe:2.3:a:perl:perl:5.31.5
-
cpe:2.3:a:perl:perl:5.31.6
-
cpe:2.3:a:perl:perl:5.31.7
-
cpe:2.3:a:perl:perl:5.31.8
-
cpe:2.3:a:perl:perl:5.31.9
-
cpe:2.3:a:perl:perl:5.32.0
-
cpe:2.3:a:perl:perl:5.32.1
-
cpe:2.3:a:perl:perl:5.33.0
-
cpe:2.3:a:perl:perl:5.33.1
-
cpe:2.3:a:perl:perl:5.33.2
-
cpe:2.3:a:perl:perl:5.33.3
-
cpe:2.3:a:perl:perl:5.33.4
-
cpe:2.3:a:perl:perl:5.33.5
-
cpe:2.3:a:perl:perl:5.33.6
-
cpe:2.3:a:perl:perl:5.33.7
-
cpe:2.3:a:perl:perl:5.33.8
-
cpe:2.3:a:perl:perl:5.33.9
-
cpe:2.3:a:perl:perl:5.34.0
-
cpe:2.3:a:perl:perl:5.34.1
-
cpe:2.3:a:perl:perl:5.34.2
-
cpe:2.3:a:perl:perl:5.34.3
-
cpe:2.3:a:perl:perl:5.35.0
-
cpe:2.3:a:perl:perl:5.35.1
-
cpe:2.3:a:perl:perl:5.35.10
-
cpe:2.3:a:perl:perl:5.35.11
-
cpe:2.3:a:perl:perl:5.35.2
-
cpe:2.3:a:perl:perl:5.35.3
-
cpe:2.3:a:perl:perl:5.35.4
-
cpe:2.3:a:perl:perl:5.35.5
-
cpe:2.3:a:perl:perl:5.35.6
-
cpe:2.3:a:perl:perl:5.35.7
-
cpe:2.3:a:perl:perl:5.35.8
-
cpe:2.3:a:perl:perl:5.35.9
-
cpe:2.3:a:perl:perl:5.36.0
-
cpe:2.3:a:perl:perl:5.36.1
-
cpe:2.3:a:perl:perl:5.36.2
-
cpe:2.3:a:perl:perl:5.36.3
-
cpe:2.3:a:perl:perl:5.37.0
-
cpe:2.3:a:perl:perl:5.37.1
-
cpe:2.3:a:perl:perl:5.37.10
-
cpe:2.3:a:perl:perl:5.37.11
-
cpe:2.3:a:perl:perl:5.37.2
-
cpe:2.3:a:perl:perl:5.37.3
-
cpe:2.3:a:perl:perl:5.37.4
-
cpe:2.3:a:perl:perl:5.37.5
-
cpe:2.3:a:perl:perl:5.37.6
-
cpe:2.3:a:perl:perl:5.37.7
-
cpe:2.3:a:perl:perl:5.37.8
-
cpe:2.3:a:perl:perl:5.37.9
-
cpe:2.3:a:perl:perl:5.38.0
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_aus:9.4
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.4