CVE-2023-50255

CVSS V2 None CVSS V3 None

Description

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2023-50255

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-12-27T16:16:51.459Z

Last Modified Date
2023-12-27T16:16:51.459Z

Weakness Enumerations

CWE	URL
CWE-23	http://cwe.mitre.org/data/definitions/23.html
CWE-26	http://cwe.mitre.org/data/definitions/26.html
CWE-22	http://cwe.mitre.org/data/definitions/22.html

References

Reference URL	Reference Tags
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2	x_refsource_CONFIRM
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-50255
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50255

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 18:08:05				Added to TrackCVE