Bug 918612 (CVE-2023-47038) - <dev-lang/perl-5.38.2 : Write past buffer end via illegal user-defined Unicode property
Status: RESOLVED FIXED
Alias: CVE-2023-47038
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A2 [glsa+]
Depends on: 920096
Reported: 2023-11-26 15:29 UTC by Sam James
Modified: 2024-11-17 09:52 UTC (History)

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 15:29:22 UTC
From https://github.com/Perl/perl5/commit/2d00bc45c5a0a53e522a6b986b0e343097e4696c#diff-9519bf71d633eb5c46351ee781b20b95f5420217819cd9dae32176dc210b2d47R40:

"""
=head2 CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.

A crafted regular expression when compiled by perl 5.30.0 through
5.38.0 can cause a one-byte attacker controlled buffer overflow in a
heap allocated buffer.
"""
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 15:49:59 UTC
Fixed in 5.38.1.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 16:26:50 UTC

commit d1b2c352339239dc5d153081567aef0286828084 (origin/master, origin/HEAD)
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Sun Nov 26 17:15:35 2023 +0100

    dev-lang/perl: add 5.38.1

    One test fails (porting/regen.t), but that's harmless. Fix coming soon.

    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

commit df327deb744b58519799378d67c3e219b126e96c
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Sun Nov 26 16:47:35 2023 +0100

    package.mask: Add perl 5.38.1 WIP mask

    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Comment 3 Larry the Git Cow gentoo-dev 2023-11-29 22:34:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0b7369815e7f995486d0fe256bfeda1f4a0eaec

commit c0b7369815e7f995486d0fe256bfeda1f4a0eaec
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2023-11-29 22:32:53 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2023-11-29 22:34:01 +0000

    package.mask: Unmask Perl 5.38.2
    
    Bug: https://bugs.gentoo.org/918612
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 7 -------
 1 file changed, 7 deletions(-)
Comment 4 Hans de Graaff gentoo-dev Security 2023-12-01 06:54:23 UTC
Given that this is a one byte write overflow I've classified it at "3" assuming that just having that one byte will be hard to exploit for e.g. RCE. We can upgrade to "2" if that assumption is wrong.
Comment 5 Hans de Graaff gentoo-dev Security 2024-11-17 09:03:29 UTC
(In reply to Hans de Graaff from comment #4)
> Given that this is a one byte write overflow I've classified it at "3"
> assuming that just having that one byte will be hard to exploit for e.g.
> RCE. We can upgrade to "2" if that assumption is wrong.

This assumption is wrong, even one byte could lead to RCE.
Comment 6 Larry the Git Cow gentoo-dev 2024-11-17 09:51:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=06b1665a387d4d7cb73b9b91b99b6ed644d013ed

commit 06b1665a387d4d7cb73b9b91b99b6ed644d013ed
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-17 09:51:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-17 09:51:58 +0000

    [ GLSA 202411-09 ] Perl: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/807307
    Bug: https://bugs.gentoo.org/905296
    Bug: https://bugs.gentoo.org/918612
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-09.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)