CVE-2023-47100

Description

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.07%
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 patch
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010

Frequently Asked Questions

What is the severity of CVE-2023-47100?
CVE-2023-47100 has been scored as a critical severity vulnerability.
How to fix CVE-2023-47100?
To fix CVE-2023-47100, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-47100 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-47100 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.