1217763 – (CVE-2023-47100) VUL-0: CVE-2023-47100: perl: out of bounds write in S_parse_uniprop_string() in regcomp.c

Bug 1217763 (CVE-2023-47100) - VUL-0: CVE-2023-47100: perl: out of bounds write in S_parse_uniprop_string() in regcomp.c

Summary: VUL-0: CVE-2023-47100: perl: out of bounds write in S_parse_uniprop_string() ...

Status:	RESOLVED INVALID

Alias:	CVE-2023-47100

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Michael Schröder
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/386745/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-12-04 08:48 UTC by SMASH SMASH
Modified:	2024-05-30 14:38 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2023-12-04 08:48:10 UTC

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47100
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3

Comment 3 Michael Schröder 2024-03-13 10:35:29 UTC

I think SUSE:ALP:Source:Standard:1.0 has version 5.38.2, i.e. not affected.