CVE-2023-47038

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-47038
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47038.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-47038
Downstream
Related
Published
2023-12-18T14:15:08.933Z
Modified
2026-03-15T21:45:02.602347Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

References

Affected packages

Git / github.com/perl/perl5

Affected ranges

Type
GIT
Repo
https://github.com/perl/perl5
Events
Introduced
44523d1ffde5f23de2e13216cdbac46357631904
Last affected
76298ae68aa7796f0ffc05095b127d23f4b2de8f
Fixed
12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
Fixed
7047915eef37fccd93e7cd985c29fe6be54650b6
Fixed
ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
Database specific 
{
    "versions": [
        {
            "introduced": "5.30.0"
        },
        {
            "last_affected": "5.38.0"
        }
    ]
}

Affected versions

v5.*
v5.30.0
v5.31.0
v5.31.1
v5.31.10
v5.31.11
v5.31.2
v5.31.3
v5.31.4
v5.31.5
v5.31.6
v5.31.7
v5.31.8
v5.31.9
v5.32.0
v5.32.0-RC0
v5.32.0-RC1
v5.33.0
v5.33.1
v5.33.2
v5.33.3
v5.33.4
v5.33.5
v5.33.6
v5.33.7
v5.33.8
v5.33.9
v5.34.0
v5.34.0-RC1
v5.34.0-RC2
v5.35.0
v5.35.1
v5.35.10
v5.35.11
v5.35.2
v5.35.3
v5.35.4
v5.35.5
v5.35.6
v5.35.7
v5.35.8
v5.35.9
v5.36.0
v5.36.0-RC1
v5.36.0-RC3
v5.37.0
v5.37.1
v5.37.10
v5.37.11
v5.37.2
v5.37.3
v5.37.4
v5.37.5
v5.37.6
v5.37.7
v5.37.8
v5.37.9
v5.38.0
v5.38.0-RC1
v5.38.0-RC2
v5.39.0
v5.39.1
v5.39.2
v5.39.3
v5.39.4
v5.39.5

Database specific

vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "293151830564086057975937478145914932521",
                "143453480806131793255850162682972791677",
                "49908078177243315762977250841678391040",
                "42104507940110116460481038906207795532",
                "292801548212068716341663467870433321819",
                "212097729157823892197038680263482191794",
                "144636467486871689450262130624485683886",
                "335528991668785098518339371645954218045",
                "299294200457540300074871374773975371398",
                "167558216281262761149252772934203375680",
                "228324759900382015466878919495742988297",
                "74020277280142741159892597680004234788",
                "113932126825401564749306971437333044127",
                "247111147840606110998218129682026188629",
                "138101284308869327359391341269680722528",
                "8701125679094550235987128839545290268",
                "115265112681309483517465494462799681859",
                "84378174528897378644201700403584698336"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-47038-25a411b3",
        "target": {
            "file": "regcomp.c"
        },
        "source": "https://github.com/perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "293151830564086057975937478145914932521",
                "143453480806131793255850162682972791677",
                "49908078177243315762977250841678391040",
                "42104507940110116460481038906207795532",
                "335342254380232159137657033313261520238",
                "142206445844056675113002677752098323015",
                "144636467486871689450262130624485683886",
                "335528991668785098518339371645954218045",
                "299294200457540300074871374773975371398",
                "167558216281262761149252772934203375680",
                "228324759900382015466878919495742988297",
                "74020277280142741159892597680004234788",
                "113932126825401564749306971437333044127",
                "247111147840606110998218129682026188629",
                "138101284308869327359391341269680722528",
                "8701125679094550235987128839545290268",
                "115265112681309483517465494462799681859",
                "84378174528897378644201700403584698336"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-47038-693fbd38",
        "target": {
            "file": "regcomp.c"
        },
        "source": "https://github.com/perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "293151830564086057975937478145914932521",
                "143453480806131793255850162682972791677",
                "49908078177243315762977250841678391040",
                "42104507940110116460481038906207795532",
                "335342254380232159137657033313261520238",
                "142206445844056675113002677752098323015",
                "144636467486871689450262130624485683886",
                "335528991668785098518339371645954218045",
                "299294200457540300074871374773975371398",
                "167558216281262761149252772934203375680",
                "228324759900382015466878919495742988297",
                "74020277280142741159892597680004234788",
                "113932126825401564749306971437333044127",
                "247111147840606110998218129682026188629",
                "138101284308869327359391341269680722528",
                "8701125679094550235987128839545290268",
                "115265112681309483517465494462799681859",
                "84378174528897378644201700403584698336"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-47038-e5f4bbb5",
        "target": {
            "file": "regcomp.c"
        },
        "source": "https://github.com/perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.4"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47038.json"