Bug 2255476 (CVE-2023-47100)

Summary: CVE-2023-47100 perl: Perl security bypass
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: CLOSED DUPLICATE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: hmatsumo, mspacek, vondruch
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: perl 5.38.2 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Perl due to improper handling of the property name by the S_parse_uniprop_string function in regcomp.c. This issue could allow an attacker to to bypass security restrictions and use a specially crafted regular expression input to write to unallocated space.
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-01-02 05:52:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2251622, 2251624, 2251625, 2255477, 2255478, 2255479    
Bug Blocks: 2255480    

Description Avinash Hanwate 2023-12-21 04:51:40 UTC
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3

Comment 1 Avinash Hanwate 2023-12-21 05:00:01 UTC
Created perl tracking bugs for this issue:

Affects: fedora-all [bug 2255477]


Created perl:5.34/perl tracking bugs for this issue:

Affects: fedora-all [bug 2255478]


Created perl:5.36/perl tracking bugs for this issue:

Affects: fedora-all [bug 2255479]

Comment 5 Michal Josef Spacek 2023-12-21 11:41:14 UTC
This is the duplicate of CVE-2023-47038

Comment 6 Sandipan Roy 2024-01-02 05:52:27 UTC

*** This bug has been marked as a duplicate of bug 2249523 ***