Heap Buffer Overflow in Perl 5.30.0 5.38.0 RegExp Compile
CVE-2023-47038 Published on December 18, 2023

Perl: write past buffer end via illegal user-defined unicode property
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-47038 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 14 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2023-47038

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-47038 are published in these products:

Canonical Ubuntu Linux
 
Perl
 
Fedora Project Fedora
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux Aus
 

Exploit Probability

EPSS
0.11%
Percentile
29.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.