PT-2023-7351 · Perl+3

Published: 2023-12-02 · Updated: 2025-06-30 · CVE-2023-47100

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Perl versions 5.30.0 through 5.38.1

Description

The issue is in the S_parse_uniprop_string function in regcomp.c, which can write to unallocated space because it mishandles a property name associated with a regular expression construct. This can allow a remote attacker to bypass security restrictions and potentially impact the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited with a specially crafted regular expression input.

Recommendations

For Perl versions 5.30.0 through 5.38.1, update to version 5.38.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the S_parse_uniprop_string function in regcomp.c until a patch is available. Avoid using specially crafted regular expression inputs that could exploit this vulnerability until the issue is resolved.

Fix

Weakness Enumeration

Buffer Overflow
Improper Handling of Exceptional Conditions

Related Identifiers

BDU:2023-08382
CVE-2023-47100
OESA-2023-1926
OESA-2023-1927
OESA-2023-1928
ROSA-SA-2025-2661

Affected Products

IBM AIX
Apple macOS
Perl
RED OS