Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ysjv-efv9-xke8
Vulnerability ID VCID-ysjv-efv9-xke8
Aliases CVE-2023-47038
Summary Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 6.3
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2024:2228
ssvc Track https://access.redhat.com/errata/RHSA-2024:2228
cvssv3.1 7 https://access.redhat.com/errata/RHSA-2024:3128
ssvc Track https://access.redhat.com/errata/RHSA-2024:3128
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47038.json
cvssv3.1 7 https://access.redhat.com/security/cve/CVE-2023-47038
ssvc Track https://access.redhat.com/security/cve/CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-47038
cvssv3.1 7 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
ssvc Track https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
cvssv3.1 7 https://bugzilla.redhat.com/show_bug.cgi?id=2249523
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2249523
cvssv3.1 4.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47038.json
https://api.first.org/data/v1/epss?cve=CVE-2023-47038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2249523 https://bugzilla.redhat.com/show_bug.cgi?id=2249523
bugreport.cgi?bug=1056746 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
CVE-2023-47038 https://access.redhat.com/security/cve/CVE-2023-47038
GLSA-202411-09 https://security.gentoo.org/glsa/202411-09
RHSA-2024:2228 https://access.redhat.com/errata/RHSA-2024:2228
RHSA-2024:3128 https://access.redhat.com/errata/RHSA-2024:3128
USN-6517-1 https://usn.ubuntu.com/6517-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:2228
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T20:34:17Z/ Found at https://access.redhat.com/errata/RHSA-2024:2228
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:3128
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T20:34:17Z/ Found at https://access.redhat.com/errata/RHSA-2024:3128
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47038.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2023-47038
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T20:34:17Z/ Found at https://access.redhat.com/security/cve/CVE-2023-47038
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T20:34:17Z/ Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2249523
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-27T20:34:17Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2249523
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.29084
EPSS Score 0.00108
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:07.261110+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202411-09 38.0.0