PT-2023-7202 · Perl+9

Nathan Mills · Published 2023-11-25 · Updated 2025-11-30 · CVE-2023-47038

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

perl versions 5.30.0 through 5.38.0

Description

The issue is a buffer overflow in dynamic (heap) memory caused by improper handling of crafted regular expressions. This can allow a remote attacker to control the buffer overflow, potentially leading to a denial of service or execution of arbitrary code. The vulnerability occurs when perl compiles a crafted regular expression, which enables an attacker-controlled byte buffer overflow in a heap-allocated buffer.

Recommendations

For perl versions 5.30.0 through 5.38.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of crafted regular expressions until a patch is available. Avoid using specially crafted regular expression inputs that could exploit this vulnerability to write to unallocated space. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:2228
ALSA-2024:3128
ALT-PU-2025-4598
BDU:2023-08229
CESA-2024_3128
CVE-2023-47038
INFSA-2024_2228
INFSA-2024_3128
MGASA-2024-0021
OESA-2023-1863
OESA-2023-1864
OESA-2023-1865
OPENSUSE-SU-2024:13479-1
RHSA-2024:2228
RHSA-2024:3128
RHSA-2024_2228
RHSA-2024_3128
USN-6517-1

Affected Products

ALT Linux
AlmaLinux
CentOS
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu
Perl