๐Ÿ” CVE Alert

CVE-2023-47038

HIGH 7.0

Perl: write past buffer end via illegal user-defined unicode property

CVSS Score
7.0
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

CWE CWE-122
Published Dec 18, 2023
Last Updated Jan 22, 2026
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2228 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3128 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-47038 bugs.debian.org: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2249523 github.com: https://github.com/aquasecurity/trivy/discussions/8400 suse.com: https://www.suse.com/security/cve/CVE-2023-47100.html ubuntu.com: https://ubuntu.com/security/CVE-2023-47100 github.com: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 github.com: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 github.com: https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/ perldoc.perl.org: https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/