CVE-2023-47038

{"id": "CVE-2023-47038", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-12-18T14:15:08.933", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2228", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3128", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-47038", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2228", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3128", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-47038", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/aquasecurity/trivy/discussions/8400", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ubuntu.com/security/CVE-2023-47100", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.suse.com/security/cve/CVE-2023-47100.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Perl. Este problema ocurre cuando Perl compila una expresi\u00f3n regular manipulada, lo que puede permitir que un atacante controle el desbordamiento de b\u00fafer de bytes en un b\u00fafer asignado en el almacenamiento din\u00e1mico."}], "lastModified": "2025-11-04T19:16:05.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B51B53EA-B6C9-4B23-AEE4-F365D857C625", "versionEndIncluding": "5.38.0", "versionStartIncluding": "5.30.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "971CFA68-0667-40A0-81B0-51345AF8C1D6"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}