|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-47038: perl: Write past buffer end via illegal user-defined Unicode property | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Michael Schröder <mls> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | gianluca.gabrielli, meissner |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/384694/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-47038:4.5:(AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Comment 4
Michael Schröder
2023-11-24 13:03:18 UTC
https://metacpan.org/release/PEVANS/perl-5.38.1/view/pod/perldelta.pod CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property This vulnerability was reported directly to the Perl security team by Nathan Mills the.true.nathan.mills@gmail.com. A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. (In reply to Michael Schröder from comment #4) > Marcus, could you please attach the 5.38.0 patch? sorry, was on sickleave last week and missed this. I also seem to have deleted the report email. but it should now be available from upstream. No need, we'll update to 5.38.1 Make that 5.38.2 ... |