CVE-2023-47038 & CVE-2023-47039: Two flaws found in Perl programming language
Perl, a dynamic and versatile programming language, has been a mainstay of software development for over three decades. Its adaptability and extensive feature set have made it a popular choice for web applications, system administration tasks, and scientific computing. However, even mature languages are not immune to security vulnerabilities. Two were recently disclosed in Perl, both fixed in Perl 5.38.1: a heap buffer overflow in the regular-expression compiler, and a binary-hijacking issue specific to Perl on Windows that can lead to arbitrary code execution.
CVE-2023-47038: Buffer Overflow Vulnerability
The first, CVE-2023-47038, lies in Perl’s regular-expression compiler, a core part of the language. Perl 5.30.0 through 5.38.0 is affected: compiling a specially crafted regular expression causes a one-byte overflow of a heap-allocated buffer. A single-byte heap overflow is small, but it is memory corruption inside the interpreter, and the code path is reachable by any program that compiles patterns built from untrusted input, for example by interpolating user-supplied text into qr// or m// without quotemeta. Programs that only match fixed patterns against untrusted data are not exposed by this bug, because the attacker controls the subject string, not the pattern.
This flaw was found by security researcher Nathan Mills, who reported it directly to the Perl security team.
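The practical defence while upgrading is to keep attacker-controlled text out of the regex compiler altogether. The script below is an added example, not code from the advisory or the Perl project: it shows a version check for the affected range, literal matching with \Q...\E, and a small glob-to-regex translator for the common case where users legitimately need wildcards, so that only constructs the program itself generates are ever compiled. The sample inputs are constructed for the demo; the function names are the example's own.

```perl
#!/usr/bin/perl
# Added example (not from the Perl advisory or the Perl project): keep
# untrusted text out of the regular-expression compiler.
use strict;
use warnings;

# True if the running interpreter's version is in the range the advisory
# lists (5.30.0 .. 5.38.0). Distributions backport fixes, so a hit here
# means "check your vendor advisory", not "definitely exploitable".
sub interpreter_in_affected_range {
    my ($v) = @_;
    $v = $] unless defined $v;          # $] is numeric, e.g. 5.038000
    return ($v >= 5.030000 && $v < 5.038001) ? 1 : 0;
}

# The pattern the advisory warns about: the untrusted string is compiled
# as a regex, so every metacharacter in it reaches the compiler.
sub raw_match {
    my ($haystack, $untrusted) = @_;
    return $haystack =~ /$untrusted/ ? 1 : 0;
}

# Safe for plain search terms: \Q...\E (quotemeta) makes the text a literal,
# so nothing the user typed is interpreted by the regex engine.
sub literal_match {
    my ($haystack, $needle) = @_;
    return $haystack =~ /\Q$needle\E/ ? 1 : 0;
}

# When users need wildcards, accept a tiny glob language (* and ?) and
# build the regex ourselves; every other character is quoted.
sub glob_to_regex {
    my ($glob) = @_;
    my $re = '';
    for my $ch (split //, $glob) {
        if    ($ch eq '*') { $re .= '.*' }
        elsif ($ch eq '?') { $re .= '.'  }
        else               { $re .= quotemeta($ch) }
    }
    return qr/^$re$/s;
}

sub glob_match {
    my ($haystack, $glob) = @_;
    return $haystack =~ glob_to_regex($glob) ? 1 : 0;
}

unless (caller) {
    print "interpreter in affected range: ",
          interpreter_in_affected_range(), "\n";

    my $untrusted = 'report(2023).txt';        # constructed sample input
    # raw interpolation treats the parentheses as a group and '.' as any
    # character, so the "wrong" file matches; the literal form does not.
    print "raw:     ", raw_match('report2023.txt',     $untrusted), "\n";  # 1
    print "literal: ", literal_match('report2023.txt', $untrusted), "\n";  # 0
    print "literal: ", literal_match('report(2023).txt', $untrusted), "\n"; # 1

    print "glob *:  ", glob_match('report-2023.txt', 'report-*.txt'), "\n"; # 1
    print "glob ?:  ", glob_match('report-2023.txt', 'report-?.txt'), "\n"; # 0
}
```

The version check is deliberately a heuristic: a vendor-patched 5.34 will still report as affected, and the only reliable source of truth is the distribution's advisory or a build that includes the 5.38.1 change.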
CVE-2023-47039: Perl for Windows Binary Hijacking Vulnerability
The second vulnerability, CVE-2023-47039, is narrower in scope but easier to understand: it affects only Perl on Windows. To run a shell command (from system(), backticks, or a pipe open), Perl for Windows locates the shell, cmd.exe, by searching the PATH environment variable, and because of the search order it looks in the current working directory before the system directories.
The attack therefore needs a directory that a low-privileged user can write to and that a higher-privileged user later runs Perl from. C:\ProgramData is the usual example because its default permissions let any authenticated user create files there. An attacker with limited privileges drops a malicious cmd.exe into such a directory; when an administrator, or a scheduled task or service, runs a Perl program from that location, the planted binary executes with the caller’s privileges instead of the real shell.
This particular vulnerability was brought to light by GitHub user ycdxsb and was reported to the Intel Product Security Incident Response Team (PSIRT), who in turn alerted the Perl security team.
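The two preconditions, a stray cmd.exe in the search path and a writable working directory, are both easy to audit. The script below is an added example, not code from the advisory or the Perl project, and is meant to be run on Windows from the directory a Perl program is launched in. It assumes COMSPEC and SystemRoot are set as Windows normally sets them; the System32 fallback path and the function names are the example's own. It does not change how the interpreter itself finds the shell, so it is a detection aid alongside the upgrade, not a replacement for it.

```perl
#!/usr/bin/perl
# Added example (not from the Perl advisory or the Perl project): audit the
# directories a Windows Perl process may search for cmd.exe and flag the two
# conditions the hijack needs: a cmd.exe that is not the system shell, and a
# current directory the running user can write to.
use strict;
use warnings;
use File::Spec;
use Cwd qw(getcwd);

# The only cmd.exe a process should ever run. COMSPEC is set by Windows;
# the System32 fallback (an assumption) covers environments where it is not.
sub expected_shell {
    my $sysroot = defined $ENV{SystemRoot} ? $ENV{SystemRoot} : 'C:\\Windows';
    my $shell   = defined $ENV{COMSPEC}
                ? $ENV{COMSPEC}
                : File::Spec->catfile($sysroot, 'System32', 'cmd.exe');
    return lc File::Spec->canonpath($shell);
}

# Directories that take part in the lookup: the current directory first
# (the search-order issue the advisory describes), then each PATH entry.
sub search_dirs {
    my ($cwd, $path_env) = @_;
    my $sep = $^O eq 'MSWin32' ? ';' : ':';
    return ($cwd, grep { length } split /$sep/, $path_env);
}

# Create and remove a probe file; this is the portable way to learn whether
# a directory is writable, since the -w filetest is unreliable on Windows.
sub dir_is_writable {
    my ($dir) = @_;
    my $probe = File::Spec->catfile($dir, ".perl-shell-audit-$$");
    open(my $fh, '>', $probe) or return 0;
    close $fh;
    unlink $probe;
    return 1;
}

# Returns a list of findings, each [directory, problem]. cwd and path can be
# supplied explicitly so the check can be embedded in a deployment test.
sub audit_shell_search {
    my (%opt) = @_;
    my $cwd  = defined $opt{cwd}  ? $opt{cwd}  : getcwd();
    my $path = defined $opt{path} ? $opt{path} : (defined $ENV{PATH} ? $ENV{PATH} : '');
    my $real = expected_shell();
    my @findings;
    for my $dir (search_dirs($cwd, $path)) {
        my $candidate = File::Spec->catfile($dir, 'cmd.exe');
        if (-e $candidate && lc File::Spec->canonpath($candidate) ne $real) {
            push @findings, [$dir, 'contains a cmd.exe that is not the system shell'];
        }
        if ($dir eq $cwd && dir_is_writable($dir)) {
            push @findings, [$dir, 'current directory is writable by this user'];
        }
    }
    return @findings;
}

unless (caller) {
    my @f = audit_shell_search();
    print "$_->[0]: $_->[1]\n" for @f;
    print "no findings\n" unless @f;
    exit(@f ? 1 : 0);
}
```

A non-zero exit from the script means the directory should not be used as the working directory for a privileged Perl run until the stray file is removed or the permissions are tightened; the writable-directory finding on its own is only a problem when a more privileged account will later run Perl from there.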
Protecting Your Systems from Perl Vulnerabilities
The Perl team released version 5.38.1 together with the advisory for both issues, and upgrading is the fix. Three practical checks follow from that. First, confirm that the interpreter you run actually contains the fixes: Linux distributions backport security patches into older version numbers, so consult the vendor advisory rather than relying on `perl -v` alone. Second, Perl interpreters bundled with other Windows software ship their own binaries and need to be updated to a build that includes the fix. Third, until the upgrade is complete, do not compile regular expressions built from untrusted input, and do not run Perl programs from directories that low-privileged users can write to.