exploitDog

CVE-2023-3314

Опубликовано: 03 июл. 2023

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.

Ссылки

https://kcm.trellix.com/corporate/index?page=content&id=SB10403
Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10403
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*

Версия до 11.6.7 (исключая)

EPSS

Процентиль: 63%

0.00444

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-fhm6-vp9j-33f9

CVSS3: 8.1

github

больше 2 лет назад

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.

EPSS

Процентиль: 63%

0.00444

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-78

CWE-78