Perl Vulnerabilities: Buffer Overflow (CVE-2023-47038) and Binary Hijacking (CVE-2023-47039)

Perl, a versatile and widely used programming language, has been a mainstay in the developer's toolkit for decades. Like any software, it is not immune to vulnerabilities. In late 2023 two security flaws were disclosed in Perl, affecting versions 5.30.0 through 5.38.0: a heap buffer overflow in the regular-expression compiler, and a shell search-order problem specific to Perl for Windows.

CVE-2023-47038: Write Past Buffer End Vulnerability

The first vulnerability, CVE-2023-47038, is a flaw in how Perl's regular-expression compiler handles user-defined Unicode properties (the \p{IsFoo} and \p{InFoo} escapes that are backed by a Perl subroutine of the same name). Compiling a specially crafted pattern writes one attacker-controlled byte past the end of a heap-allocated buffer. A one-byte heap overflow is memory corruption: the most likely outcome is a crash of the Perl process, but code execution cannot be ruled out, so it should be treated as a potential code-execution bug. The practical caveat is reachability. The defect lives in the pattern compiler, so it is triggered only when attacker-supplied text is compiled as a pattern, for example $text =~ /$user_supplied/ or qr/$user_supplied/. A program that only matches attacker-supplied text against its own fixed patterns, or that interpolates such text inside \Q...\E, never hands the crafted escape to the compiler.
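The reachability point above, shown as an added example that is not code from the advisory or from perl itself: match_literal searches the untrusted text literally through \Q...\E, match_as_pattern compiles the same text as a pattern, and perl_in_affected_range is a hypothetical helper that flags the 5.30.0 to 5.38.0 range by $]. The version check will report vendor builds that backport the fix as affected, so treat a "yes" as a prompt to read the package changelog, not as a verdict. The input strings are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not code from the advisory or from perl itself.

# Hypothetical helper. Assumption: every 5.30.0 - 5.38.0 build is treated as
# affected; vendor packages that backport the fix show up as false positives.
sub perl_in_affected_range {
    return ($] >= 5.030000 && $] < 5.038001) ? 1 : 0;
}

# Safe: the untrusted text is searched for literally. \Q..\E applies
# quotemeta(), so "\p{IsAdmin}" becomes "\\p\{IsAdmin\}" and never reaches
# the property-name parser where the overflow lives.
sub match_literal {
    my ($haystack, $needle) = @_;
    return $haystack =~ /\Q$needle\E/ ? 1 : 0;
}

# Exposed: the untrusted string *is* the pattern, so every escape in it is
# compiled. Returns 1/0 for a match, or undef (with the error in $@) when
# perl rejects the pattern at compile or match time.
sub match_as_pattern {
    my ($haystack, $pattern) = @_;
    my $r = eval { $haystack =~ /$pattern/ ? 1 : 0 };
    return $r;
}

printf "perl %vd in affected range: %s\n",
    $^V, perl_in_affected_range() ? 'yes' : 'no';

# Constructed input: a line of text and a search term a user typed that
# happens to contain a Unicode property escape. Single quotes keep the
# backslash intact, exactly as it would arrive from a form field or file.
my $line  = 'user=alice note=\p{IsAdmin}';
my $typed = '\p{IsAdmin}';

print "literal search: ", match_literal($line, $typed), "\n";   # 1: found as text

# The same input compiled as a pattern: "IsAdmin" is looked up as a
# user-defined property. No such subroutine exists here, so depending on the
# perl build the pattern is either rejected or fails at match time; in neither
# case does the user get the literal search they asked for.
my $r = match_as_pattern($line, $typed);
print "as pattern:     ", defined $r ? "$r\n" : "rejected: $@";
```

The takeaway is that \Q...\E (or an explicit quotemeta) is the cheap, version-independent mitigation for any code path that embeds user input in a pattern; the version check only tells you whether the compiler itself still needs patching.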

CVE-2023-47039: Perl for Windows Binary Hijacking

The second vulnerability, CVE-2023-47039, affects Perl for Windows only. When a call such as system(), backticks (qx//) or a piped open needs a shell, Perl for Windows spawns cmd.exe and relies on the PATH environment variable to find it. Because of a search-order issue, Perl looked for cmd.exe in the current working directory before the directories on PATH.

This is a working-directory hijack of the same shape as DLL search-order hijacking. An attacker with limited privileges plants a malicious cmd.exe in a directory that lower-privileged users can write to but that more privileged users also work in, such as C:\ProgramData. When an administrator later runs a Perl program while that directory is the current working directory, and the program reaches a call that spawns the shell, Perl executes the planted cmd.exe instead of the real one, and the attacker's code runs with the administrator's privileges.
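A detective check and a shell-free spawn for the working-directory problem, as an added example that is not Perl's own code or its fix: shell_shadow_in and run_noshell are hypothetical helpers. The cmd.exe created in a temporary directory is a constructed stand-in for the attacker's binary (an empty file is enough for the check), and the command actually run is the current perl interpreter, so the script runs on any platform; the Windows-specific refusal only fires when $^O is MSWin32.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Spec;
use File::Temp qw(tempdir);

# Added example, not Perl's own code or fix.

# Hypothetical helper: report whether a file named cmd.exe sits in the
# directory an affected Windows perl would search first, i.e. the current
# working directory (or the directory passed in).
sub shell_shadow_in {
    my ($dir) = @_;
    $dir = getcwd() unless defined $dir;
    my $candidate = File::Spec->catfile($dir, 'cmd.exe');
    return -f $candidate ? $candidate : undef;
}

# Run an external command without a shell. The "system { PROGRAM } LIST"
# form never consults cmd.exe for an ordinary executable, so a planted
# cmd.exe in the working directory is never reached. On Windows the helper
# additionally refuses to run while such a file is present, as a tripwire.
# Returns the child's exit status, or undef if the spawn itself failed.
sub run_noshell {
    my @argv = @_;
    if ($^O eq 'MSWin32' and my $shadow = shell_shadow_in()) {
        die "refusing to run: $shadow shadows the system shell\n";
    }
    system { $argv[0] } @argv;
    return $? == -1 ? undef : ($? >> 8);
}

# Constructed demonstration: an empty cmd.exe planted in a scratch directory
# stands in for the attacker's binary.
my $scratch = tempdir(CLEANUP => 1);
open my $fh, '>', File::Spec->catfile($scratch, 'cmd.exe') or die "open: $!";
close $fh;

printf "shadow in scratch dir: %s\n", shell_shadow_in($scratch) // 'none';
printf "shadow in cwd:         %s\n", shell_shadow_in()         // 'none';

# $^X is the running perl; this spawns it directly, with no shell involved.
my $status = run_noshell($^X, '-e', 'exit 3');
printf "child exit status: %s\n",
    defined $status ? $status : "spawn failed: $!";   # 3
```

The list and indirect-object forms of system() and exec() are the durable fix for application code because they sidestep the shell entirely; the cwd check is a cheap tripwire for scripts that cannot avoid shell features such as pipes and redirection on an unpatched interpreter.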

Remediation and Mitigation

Both flaws are fixed in Perl 5.38.1, and distributions typically backport the fixes to the Perl version they ship; upgrade to 5.38.1, or to a vendor package that carries the fix, as soon as possible. Beyond the upgrade, two defense-in-depth habits close off both bug classes regardless of version. First, never compile untrusted input as a pattern: escape it with \Q...\E or quotemeta, or match it only against fixed patterns. Second, on Windows avoid spawning a shell at all by using the list form of system() and exec(), and never run privileged Perl programs with a working directory that lower-privileged users can write to.