Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2023-47039

Published: 02/01/2024 Updated: 28/03/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Perl

Vulnerability Summary

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

perl perl

Vendor Advisories

Debian CVElist Bug Report Logs: perl: CVE-2023-47038: Write past buffer end via illegal user-defined Unicode property
Debian Bug report logs - #1056746 perl: CVE-2023-47038: Write past buffer end via illegal user-defined Unicode property Package: perl; Maintainer for perl is Niko Tyni <ntyni@debianorg>; Source for perl is src:perl (PTS, buildd, popcon) Reported by: Niko Tyni <ntyni@debianorg> Date: Sat, 25 Nov 2023 20:21:01 UTC S ...
Red Hat:
Description<!---->A vulnerability was found in Perl This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmdexe`) When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmdexe` within the operating system However, due to path search o ...

Mailing Lists

Full Disclosure: New CVEs and security fix releases for perl
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> New CVEs and security fix releases for perl <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Alan Coopersmith &lt; ...

References

CWE-787https://access.redhat.com/security/cve/CVE-2023-47039https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746https://bugzilla.redhat.com/show_bug.cgi?id=2249525https://security.netapp.com/advisory/ntap-20240208-0005/https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerabilityhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-47039
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook