What is the vulnerability ID for this Perl vulnerability?

The vulnerability ID for this Perl vulnerability is CVE-2023-47100.

What is the severity of CVE-2023-47100?

The severity of CVE-2023-47100 is critical with a severity value of 9.8.

Which software versions are affected by CVE-2023-47100?

The software versions affected by CVE-2023-47100 are Perl versions 5.30.0 through 5.38.2.

How can an attacker exploit CVE-2023-47100?

An attacker can exploit CVE-2023-47100 by using a crafted regular expression construct that includes a property name.

Is there a fix available for CVE-2023-47100?

Yes, a fix is available for CVE-2023-47100. It is recommended to update to the latest version of Perl (5.38.2 or later) to mitigate the vulnerability.

Vulnerability/
CVE-2023-47100

critical

9.8

CWE

755

2/12/2023

2/8/2024

CVE-2023-47100

First published: Sat Dec 02 2023(Updated: )

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Perl Perl	>=5.30.0<5.38.2
IBM AIX	<=7.3
IBM VIOS	<=4.1

Remedy

https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7122628

Frequently Asked Questions

What is the vulnerability ID for this Perl vulnerability?
The vulnerability ID for this Perl vulnerability is CVE-2023-47100.
What is the severity of CVE-2023-47100?
The severity of CVE-2023-47100 is critical with a severity value of 9.8.
Which software versions are affected by CVE-2023-47100?
The software versions affected by CVE-2023-47100 are Perl versions 5.30.0 through 5.38.2.
How can an attacker exploit CVE-2023-47100?
An attacker can exploit CVE-2023-47100 by using a crafted regular expression construct that includes a property name.
Is there a fix available for CVE-2023-47100?
Yes, a fix is available for CVE-2023-47100. It is recommended to update to the latest version of Perl (5.38.2 or later) to mitigate the vulnerability.

collector/nvd-api
agent/type
agent/event
agent/first-publish-date
agent/weakness
agent/severity
agent/references
agent/remedy
agent/author
agent/softwarecombine
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/trending
vendor/perl
canonical/perl perl
version/perl perl/5.30.0
vendor/ibm
canonical/ibm aix
version/ibm aix/7.3
canonical/ibm vios
version/ibm vios/4.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.