CVE-2023-47100

Published: 12/2/2023 Last updated: 6/30/2025 Reserved: 10/30/2023

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	9.8	Critical	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (3)

bap-std conf-perl goblint-cil

Products affected (2)

Product	Vendor	Version
n/a	n/a	All versions < V2302.0002
n/a	n/a	5.12

References (12)

https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010