CVE-2023-47100: 
NixOS vulnerability analysis and mitigation

In Perl versions from 5.30.0 to before 5.38.2, a vulnerability was discovered in the Sparseuniprop_string function within regcomp.c. The vulnerability (CVE-2023-47100) involves improper handling of property names associated with \p{...} regular expression constructs, which can lead to writing to unallocated space (NVD, MITRE).

The vulnerability occurs in the Sparseunipropstring() function which is used to parse the interior of both \p{} and user-defined sub lines. When processing a package name specifier 'utf8::', the code adjusts the lookupname pointer but fails to properly adjust all required values. This becomes problematic specifically when the property name begins with 'perl' (excluding 'perlspace' and 'perlword'). The issue results in lookup_name no longer pointing to its initial value while name remains unchanged, leading to potential writes to unallocated space. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) (NVD).

The vulnerability allows writing to unallocated space, which could potentially lead to memory corruption. Given its CVSS score of 9.8 Critical, this vulnerability could have severe implications for system security and stability (NVD).

The vulnerability has been fixed in Perl version 5.38.2. The solution involves properly handling the 'utf8::' package name stripping by ensuring both lookup_name and name are effectively shortened by the same amount (Perl Patch).