exploitDog

CVE-2023-3297

Опубликовано: 01 сент. 2023

Источник: nvd

CVSS3: 8.1

CVSS3: 7.8

EPSS Низкий

Описание

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

Ссылки

https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182
Exploit
Issue Tracking
Vendor Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/
Exploit
Third Party Advisory
https://ubuntu.com/security/notices/USN-6190-1
Vendor Advisory
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182
Exploit
Issue Tracking
Vendor Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/
Exploit
Third Party Advisory
https://ubuntu.com/security/notices/USN-6190-1
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

Версия до 23.13.9-2ubuntu2 (исключая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

Версия до 22.08.8-1ubuntu7.1 (исключая)

cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

Версия до 22.08.8-1ubuntu7.1 (исключая)

cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

Версия до 22.07.5-2ubuntu1.4 (исключая)

cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*

Версия до 0.6.55-0ubuntu12\~20.04.6 (исключая)

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Конфигурация 6

Одно из

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

8.1 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

CVE-2023-3297

CVSS3: 8.1

ubuntu

больше 2 лет назад

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

CVE-2023-3297

CVSS3: 8.4

redhat

больше 2 лет назад

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

CVE-2023-3297

CVSS3: 7.8

msrc

12 месяцев назад

Описание отсутствует

CVE-2023-3297

CVSS3: 8.1

debian

больше 2 лет назад

In Ubuntu's accountsservice an unprivileged local attacker can trigger ...

GHSA-gr7p-26mx-9pgw

CVSS3: 8.1

github

больше 2 лет назад

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

EPSS

Процентиль: 18%

0.00056

Низкий

8.1 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416