CVE-2023-50255

Опубликовано: 27 дек. 2023

Источник: nvd

CVSS3: 9.3

CVSS3: 7.8

EPSS Низкий

Описание

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6
Patch
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2
Exploit
Third Party Advisory
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6
Patch
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deepin:deepin-compressor:*:*:*:*:*:*:*:*

Версия до 5.12.21 (исключая)

EPSS

Процентиль: 62%

0.00427

Низкий

9.3 Critical

CVSS3

7.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-50255

CVSS3: 9.3

debian

около 2 лет назад

Deepin-Compressor is the default archive manager of Deepin Linux OS. P ...

openSUSE-SU-2023:0424-1

suse-cvrf

около 2 лет назад

Security update for deepin-compressor

openSUSE-SU-2023:0423-1

suse-cvrf

около 2 лет назад

Security update for deepin-compressor

EPSS

Процентиль: 62%

0.00427

Низкий

9.3 Critical

CVSS3

7.8 High

CVSS3

Дефекты

CWE-22