From 0e218f2deec57830576b5b10c94338748d5383d8 Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Fri, 20 Sep 2024 15:05:23 +0100
Subject: [PATCH] improvements to perl CVE version ranges

Signed-off-by: Weston Steimel
---
data/anchore/2023/CVE-2023-47038.json | 65 ++++++++++++++++++++++++++
data/anchore/2023/CVE-2023-47100.json | 66 +++++++++++++++++++++++++++
2 files changed, 131 insertions(+)
create mode 100644 data/anchore/2023/CVE-2023-47038.json
create mode 100644 data/anchore/2023/CVE-2023-47100.json

diff --git a/data/anchore/2023/CVE-2023-47038.json b/data/anchore/2023/CVE-2023-47038.json
new file mode 100644
index 00000000..46769ff4
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-47038.json
@@ -0,0 +1,65 @@
+{
+ "additionalMetadata": {
+ "cna": "redhat",
+ "cveId": "CVE-2023-47038",
+ "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.",
+ "reason": "Correct version ranges to account for backported fixes",
+ "references": [
+ "https://access.redhat.com/errata/RHSA-2024:2228",
+ "https://access.redhat.com/errata/RHSA-2024:3128",
+ "https://access.redhat.com/security/cve/CVE-2023-47038",
+ "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2249523"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*"
+ ],
+ "product": "perl",
+ "repo": "https://github.com/Perl/perl5",
+ "vendor": "perl",
+ "versions": [
+ {
+ "lessThan": "5.38.1",
+ "status": "affected",
+ "version": "5.37",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.36.2",
+ "status": "affected",
+ "version": "5.35",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.34.2",
+ "status": "affected",
+ "version": "5.30",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664"
+ },
+ {
+ "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"
+ },
+ {
+ "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010"
+ },
+ {
+ "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2023/CVE-2023-47100.json b/data/anchore/2023/CVE-2023-47100.json
new file mode 100644
index 00000000..d80b0433
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-47100.json
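Review bot: The range starts in `versions` of CVE-2023-47038.json are two-component strings (`"version": "5.30"`, `"5.35"`, `"5.37"`) while every `lessThan` bound has three components, and `"versionType": "custom"` gives a consumer no ordering rule for mixing the two. Writing them as `"version": "5.30.0"`, `"version": "5.35.0"` and `"version": "5.37.0"` would match the description's "5.30.0 through 5.38.0" and avoid depending on how a matcher pads short versions; whether the project's matcher already normalises these is not visible here. The same three ranges are repeated in CVE-2023-47100.json, so the change would apply there as well. The file is also committed without a trailing newline.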
@@ -0,0 +1,66 @@
+{
+ "additionalMetadata": {
+ "cna": "mitre",
+ "cveId": "CVE-2023-47100",
+ "description": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.",
+ "reason": "This is a duplicate of CVE-2023-47038",
+ "references": [
+ "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010",
+ "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6",
+ "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3"
+ ],
+ "toDos": [
+ "Create a way to mark this as a duplicate of CVE-2023-47038"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*"
+ ],
+ "product": "perl",
+ "repo": "https://github.com/Perl/perl5",
+ "vendor": "perl",
+ "versions": [
+ {
+ "lessThan": "5.38.1",
+ "status": "affected",
+ "version": "5.37",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.36.2",
+ "status": "affected",
+ "version": "5.35",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "5.34.2",
+ "status": "affected",
+ "version": "5.30",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664"
+ },
+ {
+ "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6"
+ },
+ {
+ "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010"
+ },
+ {
+ "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3"
+ }
+ ]
+ }
+}
\ No newline at end of file
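Review bot: The `reason` field in CVE-2023-47100.json does not explain why the top range ends at `"lessThan": "5.38.1"` when the `description` in the same record says "before 5.38.2", so a reader comparing the two sees an unexplained mismatch in the fixed version. Presumably the bound is taken from CVE-2023-47038 because the fix is already in 5.38.1; saying so would help, e.g. `"reason": "This is a duplicate of CVE-2023-47038; version ranges are copied from that record to account for backported fixes"`. The `affected` block is a hand copy of the one in CVE-2023-47038.json, and the `toDos` entry indicates there is no linking mechanism yet, so any later correction to the ranges has to be made in both files to keep scanner results consistent.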