CVE-2023-36664

Опубликовано: 27 июн. 2023

Источник: redhat

CVSS3: 8.4

Описание

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Отчет

Versions of Ghostscript shipped with Red Hat Enterprise Linux 7 and 8 are not affected as it will forbid file execution with ".invalidfileaccess" if -dSAFER is used.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	ghostscript	Out of support scope
Red Hat Enterprise Linux 7	ghostscript	Not affected
Red Hat Enterprise Linux 8	ghostscript	Not affected
Red Hat Enterprise Linux 9	ghostscript	Fixed	RHSA-2023:5459	05.10.2023
Red Hat Enterprise Linux 9.0 Extended Update Support	ghostscript	Fixed	RHSA-2023:4324	31.07.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-78

https://bugzilla.redhat.com/show_bug.cgi?id=2217798ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices

8.4 High

CVSS3

Связанные уязвимости

CVE-2023-36664

CVSS3: 7.8

ubuntu

почти 2 года назад

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVE-2023-36664

CVSS3: 7.8

nvd

почти 2 года назад

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVE-2023-36664

CVSS3: 7.8

debian

почти 2 года назад

Artifex Ghostscript through 10.01.2 mishandles permission validation f ...

SUSE-SU-2023:2844-1

suse-cvrf

почти 2 года назад

Security update for ghostscript

SUSE-SU-2023:2829-1

suse-cvrf

почти 2 года назад

Security update for ghostscript

8.4 High

CVSS3