From https://github.com/Perl/perl5/commit/2d00bc45c5a0a53e522a6b986b0e343097e4696c#diff-9519bf71d633eb5c46351ee781b20b95f5420217819cd9dae32176dc210b2d47R40: """ =head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property This vulnerability was reported directly to the Perl security team by Nathan Mills C<the.true.nathan.mills@gmail.com>. A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. """
Fixed in 5.38.1.
commit d1b2c352339239dc5d153081567aef0286828084 (origin/master, origin/HEAD) Author: Andreas K. Hüttel <dilfridge@gentoo.org> Date: Sun Nov 26 17:15:35 2023 +0100 dev-lang/perl: add 5.38.1 One test fails (porting/regen.t), but that's harmless. Fix coming soon. Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> commit df327deb744b58519799378d67c3e219b126e96c Author: Andreas K. Hüttel <dilfridge@gentoo.org> Date: Sun Nov 26 16:47:35 2023 +0100 package.mask: Add perl 5.38.1 WIP mask Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0b7369815e7f995486d0fe256bfeda1f4a0eaec commit c0b7369815e7f995486d0fe256bfeda1f4a0eaec Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2023-11-29 22:32:53 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2023-11-29 22:34:01 +0000 package.mask: Unmask Perl 5.38.2 Bug: https://bugs.gentoo.org/918612 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 7 ------- 1 file changed, 7 deletions(-)
Given that this is a one byte write overflow I've classified it at "3" assuming that just having that one byte will be hard to exploit for e.g. RCE. We can upgrade to "2" if that assumption is wrong.
