CVE-2023-47100

Опубликовано: 03 дек. 2023

Источник: redhat

CVSS3: 0

Описание

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

A flaw was found in Perl due to improper handling of the property name by the S_parse_uniprop_string function in regcomp.c. This issue could allow an attacker to to bypass security restrictions and use a specially crafted regular expression input to write to unallocated space.

Отчет

This flaw was found to be a duplicate of CVE-2023-47038. Please see https://access.redhat.com/security/cve/CVE-2023-47038 for information about affected products and security errata.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	perl	Not affected
Red Hat Enterprise Linux 7	perl	Not affected
Red Hat Enterprise Linux 8	perl	Not affected
Red Hat Enterprise Linux 8	perl:5.32/perl	Not affected
Red Hat Enterprise Linux 9	perl	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:

CWE-755

https://bugzilla.redhat.com/show_bug.cgi?id=2255476perl: Perl security bypass

0 Low

CVSS3

Связанные уязвимости

CVE-2023-47100

ubuntu

почти 2 года назад

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a duplicate of CVE-2023-47038. Notes: All CVE users should reference CVE-2023-47038 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

CVE-2023-47100

nvd

почти 2 года назад

CVE-2023-47100

CVSS3: 9.8

msrc

3 месяца назад

GHSA-hx28-vm67-xh3r

CVSS3: 9.8

github

почти 2 года назад

BDU:2023-08382

CVSS3: 9.8

fstec

почти 2 года назад

Уязвимость функции S_parse_uniprop_string файла regcomp.c интерпретатора языка программирования Perl, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

0 Low

CVSS3