CVE-2023-26314

Опубликовано: 22 фев. 2023

Источник: debian

EPSS Низкий

Описание

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mono	fixed	6.8.0.105+dfsg-3.3		package
mono	fixed	6.8.0.105+dfsg-3.3~deb11u1	bullseye	package

Примечания

https://www.openwall.com/lists/oss-security/2023/01/05/1

EPSS

Процентиль: 71%

0.00686

Низкий

Связанные уязвимости

CVE-2023-26314

CVSS3: 8.8

ubuntu

почти 3 года назад

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVE-2023-26314

CVSS3: 8.8

nvd

почти 3 года назад

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

GHSA-796j-2mh8-qff6

CVSS3: 8.8

github

почти 3 года назад

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

EPSS

Процентиль: 71%

0.00686

Низкий