CVE-2023-5557

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5557
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:7712
https://access.redhat.com/errata/RHSA-2023:7713
https://access.redhat.com/errata/RHSA-2023:7730
https://access.redhat.com/errata/RHSA-2023:7731
https://access.redhat.com/errata/RHSA-2023:7732
https://access.redhat.com/errata/RHSA-2023:7733
https://access.redhat.com/errata/RHSA-2023:7739
https://access.redhat.com/errata/RHSA-2023:7744
https://access.redhat.com/security/cve/CVE-2023-5557 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2243096 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:tracker_miners:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:tracker_miners:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:tracker_miners:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:tracker_miners:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-10-13 02:15

Updated : 2023-12-12 22:15

NVD link : CVE-2023-5557

Mitre link : CVE-2023-5557

CVE.ORG link : CVE-2023-5557

JSON object : View

Products Affected

redhat

  • enterprise_linux

gnome

  • tracker_miners
CWE
NVD-CWE-noinfo CWE-693

Protection Mechanism Failure