Anolis OS update for perl

Published: 2023-12-04 | Updated: 2025-03-28

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-47038
CWE-ID	CWE-193
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Anolis OS Operating systems & Components / Operating system perl-vmsish Operating systems & Components / Operating system package or component perl-vars Operating systems & Components / Operating system package or component perl-utils Operating systems & Components / Operating system package or component perl-subs Operating systems & Components / Operating system package or component perl-sort Operating systems & Components / Operating system package or component perl-sigtrap Operating systems & Components / Operating system package or component perl-overloading Operating systems & Components / Operating system package or component perl-overload Operating systems & Components / Operating system package or component perl-open Operating systems & Components / Operating system package or component perl-meta-notation Operating systems & Components / Operating system package or component perl-macros Operating systems & Components / Operating system package or component perl-locale Operating systems & Components / Operating system package or component perl-libnetcfg Operating systems & Components / Operating system package or component perl-less Operating systems & Components / Operating system package or component perl-if Operating systems & Components / Operating system package or component perl-filetest Operating systems & Components / Operating system package or component perl-fields Operating systems & Components / Operating system package or component perl-encoding-warnings Operating systems & Components / Operating system package or component perl-doc Operating systems & Components / Operating system package or component perl-diagnostics Operating systems & Components / Operating system package or component perl-deprecate Operating systems & Components / Operating system package or component perl-debugger Operating systems & Components / Operating system package or component perl-blib Operating systems & Components / Operating system package or component perl-base Operating systems & Components / Operating system package or component perl-autouse Operating systems & Components / Operating system package or component perl-User-pwent Operating systems & Components / Operating system package or component perl-Unicode-UCD Operating systems & Components / Operating system package or component perl-Time Operating systems & Components / Operating system package or component perl-Tie-Memoize Operating systems & Components / Operating system package or component perl-Tie-File Operating systems & Components / Operating system package or component perl-Tie Operating systems & Components / Operating system package or component perl-Thread-Semaphore Operating systems & Components / Operating system package or component perl-Thread Operating systems & Components / Operating system package or component perl-Text-Abbrev Operating systems & Components / Operating system package or component perl-Test Operating systems & Components / Operating system package or component perl-Term-ReadLine Operating systems & Components / Operating system package or component perl-Term-Complete Operating systems & Components / Operating system package or component perl-Symbol Operating systems & Components / Operating system package or component perl-SelfLoader Operating systems & Components / Operating system package or component perl-SelectSaver Operating systems & Components / Operating system package or component perl-Search-Dict Operating systems & Components / Operating system package or component perl-Safe Operating systems & Components / Operating system package or component perl-Pod-Html Operating systems & Components / Operating system package or component perl-Pod-Functions Operating systems & Components / Operating system package or component perl-Net Operating systems & Components / Operating system package or component perl-NEXT Operating systems & Components / Operating system package or component perl-Module-Loaded Operating systems & Components / Operating system package or component perl-Memoize Operating systems & Components / Operating system package or component perl-Math-Complex Operating systems & Components / Operating system package or component perl-Locale-Maketext-Simple Operating systems & Components / Operating system package or component perl-IPC-Open3 Operating systems & Components / Operating system package or component perl-I18N-LangTags Operating systems & Components / Operating system package or component perl-I18N-Collate Operating systems & Components / Operating system package or component perl-Getopt-Std Operating systems & Components / Operating system package or component perl-FindBin Operating systems & Components / Operating system package or component perl-FileHandle Operating systems & Components / Operating system package or component perl-FileCache Operating systems & Components / Operating system package or component perl-File-stat Operating systems & Components / Operating system package or component perl-File-Find Operating systems & Components / Operating system package or component perl-File-Copy Operating systems & Components / Operating system package or component perl-File-Compare Operating systems & Components / Operating system package or component perl-File-Basename Operating systems & Components / Operating system package or component perl-ExtUtils-Miniperl Operating systems & Components / Operating system package or component perl-ExtUtils-Embed Operating systems & Components / Operating system package or component perl-ExtUtils-Constant Operating systems & Components / Operating system package or component perl-English Operating systems & Components / Operating system package or component perl-Dumpvalue Operating systems & Components / Operating system package or component perl-DirHandle Operating systems & Components / Operating system package or component perl-Devel-SelfStubber Operating systems & Components / Operating system package or component perl-DBM_Filter Operating systems & Components / Operating system package or component perl-Config-Extensions Operating systems & Components / Operating system package or component perl-Class-Struct Operating systems & Components / Operating system package or component perl-Benchmark Operating systems & Components / Operating system package or component perl-AutoSplit Operating systems & Components / Operating system package or component perl-AutoLoader Operating systems & Components / Operating system package or component perl-Attribute-Handlers Operating systems & Components / Operating system package or component perl-tests Operating systems & Components / Operating system package or component perl-ph Operating systems & Components / Operating system package or component perl-mro Operating systems & Components / Operating system package or component perl-libs Operating systems & Components / Operating system package or component perl-lib Operating systems & Components / Operating system package or component perl-interpreter Operating systems & Components / Operating system package or component perl-devel Operating systems & Components / Operating system package or component perl-Time-Piece Operating systems & Components / Operating system package or component perl-Sys-Hostname Operating systems & Components / Operating system package or component perl-POSIX Operating systems & Components / Operating system package or component perl-Opcode Operating systems & Components / Operating system package or component perl-ODBM_File Operating systems & Components / Operating system package or component perl-NDBM_File Operating systems & Components / Operating system package or component perl-IO Operating systems & Components / Operating system package or component perl-I18N-Langinfo Operating systems & Components / Operating system package or component perl-Hash-Util-FieldHash Operating systems & Components / Operating system package or component perl-Hash-Util Operating systems & Components / Operating system package or component perl-GDBM_File Operating systems & Components / Operating system package or component perl-File-DosGlob Operating systems & Components / Operating system package or component perl-Fcntl Operating systems & Components / Operating system package or component perl-Errno Operating systems & Components / Operating system package or component perl-DynaLoader Operating systems & Components / Operating system package or component perl-Devel-Peek Operating systems & Components / Operating system package or component perl-B Operating systems & Components / Operating system package or component perl Operating systems & Components / Operating system package or component
Vendor	OpenAnolis

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Off-by-one

EUVDB-ID: #VU83508

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-47038

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error when processing regular expressions. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

perl-vmsish: before 1.04-15

perl-vars: before 1.05-15

perl-utils: before 5.36.3-15

perl-subs: before 1.04-15

perl-sort: before 2.05-15

perl-sigtrap: before 1.10-15

perl-overloading: before 0.02-15

perl-overload: before 1.35-15

perl-open: before 1.13-15

perl-meta-notation: before 5.36.3-15

perl-macros: before 5.36.3-15

perl-locale: before 1.10-15

perl-libnetcfg: before 5.36.3-15

perl-less: before 0.03-15

perl-if: before 0.61.000-15

perl-filetest: before 1.03-15

perl-fields: before 2.27-15

perl-encoding-warnings: before 0.13-15

perl-doc: before 5.36.3-15

perl-diagnostics: before 1.39-15

perl-deprecate: before 0.04-15

perl-debugger: before 1.60-15

perl-blib: before 1.07-15

perl-base: before 2.27-15

perl-autouse: before 1.11-15

perl-User-pwent: before 1.03-15

perl-Unicode-UCD: before 0.78-15

perl-Time: before 1.03-15

perl-Tie-Memoize: before 1.1-15

perl-Tie-File: before 1.06-15

perl-Tie: before 4.6-15

perl-Thread-Semaphore: before 2.13-15

perl-Thread: before 3.05-15

perl-Text-Abbrev: before 1.02-15

perl-Test: before 1.31-15

perl-Term-ReadLine: before 1.17-15

perl-Term-Complete: before 1.403-15

perl-Symbol: before 1.09-15

perl-SelfLoader: before 1.26-15

perl-SelectSaver: before 1.02-15

perl-Search-Dict: before 1.07-15

perl-Safe: before 2.43-15

perl-Pod-Html: before 1.33-15

perl-Pod-Functions: before 1.14-15

perl-Net: before 1.03-15

perl-NEXT: before 0.69-15

perl-Module-Loaded: before 0.08-15

perl-Memoize: before 1.03-15

perl-Math-Complex: before 1.59-15

perl-Locale-Maketext-Simple: before 0.21-15

perl-IPC-Open3: before 1.22-15

perl-I18N-LangTags: before 0.45-15

perl-I18N-Collate: before 1.02-15

perl-Getopt-Std: before 1.13-15

perl-FindBin: before 1.53-15

perl-FileHandle: before 2.03-15

perl-FileCache: before 1.10-15

perl-File-stat: before 1.12-15

perl-File-Find: before 1.40-15

perl-File-Copy: before 2.39-15

perl-File-Compare: before 1.100.700-15

perl-File-Basename: before 2.85-15

perl-ExtUtils-Miniperl: before 1.11-15

perl-ExtUtils-Embed: before 1.35-15

perl-ExtUtils-Constant: before 0.25-15

perl-English: before 1.11-15

perl-Dumpvalue: before 2.27-15

perl-DirHandle: before 1.05-15

perl-Devel-SelfStubber: before 1.06-15

perl-DBM_Filter: before 0.06-15

perl-Config-Extensions: before 0.03-15

perl-Class-Struct: before 0.66-15

perl-Benchmark: before 1.23-15

perl-AutoSplit: before 5.74-15

perl-AutoLoader: before 5.74-15

perl-Attribute-Handlers: before 1.02-15

perl-tests: before 5.36.3-15

perl-ph: before 5.36.3-15

perl-mro: before 1.26-15

perl-libs: before 5.36.3-15

perl-lib: before 0.65-15

perl-interpreter: before 5.36.3-15

perl-devel: before 5.36.3-15

perl-Time-Piece: before 1.3401-15

perl-Sys-Hostname: before 1.24-15

perl-POSIX: before 2.03-15

perl-Opcode: before 1.57-15

perl-ODBM_File: before 1.17-15

perl-NDBM_File: before 1.15-15

perl-IO: before 1.50-15

perl-I18N-Langinfo: before 0.21-15

perl-Hash-Util-FieldHash: before 1.26-15

perl-Hash-Util: before 0.28-15

perl-GDBM_File: before 1.23-15

perl-File-DosGlob: before 1.12-15

perl-Fcntl: before 1.15-15

perl-Errno: before 1.36-15

perl-DynaLoader: before 1.52-15

perl-Devel-Peek: before 1.32-15

perl-B: before 1.83-15

perl: before 5.36.3-15

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0814

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.