csaf_certbund - wid-sec-w-2023-3046

wid-sec-w-2023-3046

Vulnerability from csaf_certbund

Published

2023-12-03 23:00

Modified

2024-02-21 23:00

Summary

Perl: Schwachstelle ermöglicht Manipulation von Dateien

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Perl ist eine freie, plattformunabhängige und interpretierte Programmiersprache (Skriptsprache).

Angriff

Ein Angreifer kann eine Schwachstelle in Perl ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- UNIX - Linux - MacOS X - Windows - Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Perl ist eine freie, plattformunabhängige und interpretierte Programmiersprache (Skriptsprache).",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann eine Schwachstelle in Perl ausnutzen, um Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-3046 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3046.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-3046 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3046",
         },
         {
            category: "external",
            summary: "GitHub Advisory Database vom 2023-12-03",
            url: "https://github.com/advisories/GHSA-hx28-vm67-xh3r",
         },
         {
            category: "external",
            summary: "NIST Vulnerability Database vom 2023-12-03",
            url: "https://nvd.nist.gov/vuln/detail/CVE-2023-47100",
         },
         {
            category: "external",
            summary: "IBM Security Bulletin 7122628 vom 2024-02-22",
            url: "https://www.ibm.com/support/pages/node/7122628",
         },
      ],
      source_lang: "en-US",
      title: "Perl: Schwachstelle ermöglicht Manipulation von Dateien",
      tracking: {
         current_release_date: "2024-02-21T23:00:00.000+00:00",
         generator: {
            date: "2024-08-15T18:02:16.637+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-3046",
         initial_release_date: "2023-12-03T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2023-12-03T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2024-02-21T23:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates von IBM aufgenommen",
            },
         ],
         status: "final",
         version: "2",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "7.3",
                        product: {
                           name: "IBM AIX 7.3",
                           product_id: "1139691",
                           product_identification_helper: {
                              cpe: "cpe:/o:ibm:aix:7.3",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "AIX",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "4.1",
                        product: {
                           name: "IBM VIOS 4.1",
                           product_id: "1522854",
                           product_identification_helper: {
                              cpe: "cpe:/a:ibm:vios:4.1",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "VIOS",
               },
            ],
            category: "vendor",
            name: "IBM",
         },
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "< 5.38.2",
                        product: {
                           name: "Open Source Perl < 5.38.2",
                           product_id: "T031438",
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Perl",
               },
            ],
            category: "vendor",
            name: "Open Source",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-47100",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Perl. Dieser Fehler besteht in der Komponente regcomp.c, die es erlaubt, aufgrund eines falsch behandelten Eigenschaftsnamens in nicht zugewiesenen Speicher zu schreiben. Ein Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.",
            },
         ],
         product_status: {
            known_affected: [
               "1139691",
               "1522854",
            ],
         },
         release_date: "2023-12-03T23:00:00.000+00:00",
         title: "CVE-2023-47100",
      },
   ],
}

cve-2023-47100

Vulnerability from cvelistv5

Published

2023-12-02 00:00

Modified

2024-08-02 21:01

Severity ?

Summary

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

References

▼	URL	Tags
	https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
	https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
	https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T21:01:22.641Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-14T04:19:29.157322",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3",
            },
            {
               url: "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6",
            },
            {
               url: "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-47100",
      datePublished: "2023-12-02T00:00:00",
      dateReserved: "2023-10-30T00:00:00",
      dateUpdated: "2024-08-02T21:01:22.641Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted