CVE-2023-26266

Опубликовано: 21 фев. 2023

Источник: debian

EPSS Низкий

Описание

In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.

Пакет	Статус	Версия исправления	Релиз	Тип
aflplusplus	fixed	4.04c-4		package
aflplusplus	no-dsa		bullseye	package

https://github.com/AFLplusplus/AFLplusplus/pull/1643
https://github.com/AFLplusplus/AFLplusplus/commit/f2be73186e2e16c3992f92b65ae9ba598d6fff2f
https://github.com/AFLplusplus/AFLplusplus/commit/673a0a3866783bf28e31d14fbd7a9009c7816ec3

EPSS

Процентиль: 9%

0.00033

Низкий

CVE-2023-26266

CVSS3: 7.3

ubuntu

почти 3 года назад

In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.

CVE-2023-26266

CVSS3: 7.3

nvd

почти 3 года назад

In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.

GHSA-62wp-583h-jvfj

CVSS3: 9.8

github

почти 3 года назад

In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.

EPSS

Процентиль: 9%

0.00033

Низкий