| Summary: |
VUL-0: CVE-2023-47100: perl: out of bounds write in S_parse_uniprop_string() in regcomp.c |
| Product: |
[Novell Products] SUSE Security Incidents
|
Reporter: |
SMASH SMASH <smash_bz> |
| Component: |
Incidents | Assignee: |
Michael Schröder <mls> |
| Status: |
RESOLVED
INVALID
|
QA Contact: |
Security Team bot <security-team> |
| Severity: |
Normal
|
|
|
| Priority: |
P3 - Medium
|
CC: |
carlos.lopez, mls, stoyan.manolov
|
| Version: |
unspecified | |
|
| Target Milestone: |
--- | |
|
| Hardware: |
Other | |
|
| OS: |
Other | |
|
| URL: |
https://smash.suse.de/issue/386745/
|
| Whiteboard: |
|
|
Found By:
|
Security Response Team
|
Services Priority:
|
|
|---|
|
Business Priority:
|
|
Blocker:
|
---
|
|---|
|
Marketing QA Status:
|
---
|
IT Deployment:
|
---
|
|---|
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47100 https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3