9.8
CRITICAL CVSS 3.1
CVE-2023-47100
Perl Buffer Overflow Vulnerability
Description

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a duplicate of CVE-2023-47038. Notes: All CVE users should reference CVE-2023-47038 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

INFO

Published Date :

Dec. 2, 2023, 11:15 p.m.

Last Modified :

Oct. 7, 2025, 6:15 p.m.

Remotely Exploit :

Yes !
Affected Products

The following products are affected by CVE-2023-47100 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Perl perl
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
A buffer overflow vulnerability exists in Perl. To remediate, update the Perl packages.
  • Update the Perl packages to a version greater than 5.38.2.
  • If updated packages are unavailable, consult the vendor for more information.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-47100 vulnerability anywhere in the article.

  • Daily CyberSecurity
CVE-2025-40909: Perl Threads Vulnerability Exposes File Operation Race Condition

A newly disclosed vulnerability in Perl’s threading mechanism, tracked as CVE-2025-40909, exposes systems to race conditions involving the working directory, potentially enabling local attackers to ma ... Read more

Published Date: May 31, 2025 (4 months, 2 weeks ago)
  • Daily CyberSecurity
Outlaw Botnet Exploits Weak SSH to Hijack Linux Systems for Crypto Mining

While high-profile ransomware and state-backed APT groups often dominate headlines, it’s crucial not to overlook quieter yet persistent threats. One such threat is Outlaw (also known as “Dota”), a Per ... Read more

Published Date: May 01, 2025 (5 months, 2 weeks ago)
  • Daily CyberSecurity
CVE-2024-56406: Heap Overflow Vulnerability in Perl Threatens Denial of Service and Potential Code Execution

Perl, a versatile programming language widely used for various tasks like system administration and web development, has been found to contain a security vulnerability. A recently discovered heap buff ... Read more

Published Date: Apr 13, 2025 (6 months ago)
  • Cybersecurity News
Critical CVE-2024-45321 Flaw in Popular Perl Module Installer cpanminus, No Patch Available

In a significant security advisory, the Perl community has been alerted to a critical vulnerability, CVE-2024-45321, affecting the widely-used App::cpanminus (cpanm) tool. Rated with a CVSS score of 9 ... Read more

Published Date: Aug 29, 2024 (1 year, 1 month ago)

The following table lists the changes that have been made to the CVE-2023-47100 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Oct. 07, 2025

    Action Type Old Value New Value
    Changed Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a duplicate of CVE-2023-47038. Notes: All CVE users should reference CVE-2023-47038 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
    Removed CVSS V3.1 NIST: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Removed CVSS V3.1 CISA-ADP: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Removed CWE NIST: CWE-755
    Removed CWE CISA-ADP: CWE-755
    Removed CPE Configuration OR *cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* versions from (including) 5.30.0 up to (excluding) 5.38.2
    Removed Reference MITRE: https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
    Removed Reference MITRE: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
    Removed Reference MITRE: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
    Removed Reference CVE: https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
    Removed Reference CVE: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
    Removed Reference CVE: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
    Removed Reference Type MITRE: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 Types: Patch
    Removed Reference Type CVE: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 Types: Patch
  • CVE Rejected by [email protected]

    Oct. 07, 2025

    Action Type Old Value New Value
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 30, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-755
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
    Added Reference https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
    Added Reference https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Dec. 14, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 [No types assigned]
    Added Reference MITRE https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 [No types assigned]
  • Initial Analysis by [email protected]

    Dec. 08, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 No Types Assigned https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 Patch
    Added CWE NIST CWE-755
    Added CPE Configuration OR *cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* versions from (including) 5.30.0 up to (excluding) 5.38.2
  • CVE Modified by [email protected]

    Dec. 03, 2023

    Action Type Old Value New Value
    Changed Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earlies affected version is 5.30.0. In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
  • CVE Received by [email protected]

    Dec. 02, 2023

    Action Type Old Value New Value
    Added Description In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earlies affected version is 5.30.0.
    Added Reference MITRE https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.08 }} 0.00%

score

0.25051

percentile