"Fix read/write past buffer end: perl-security#140" appears to be a reasonably detailed description of CVE-2023-47038.

I'm still hunting around for a similar description of CVE-2023-47039.