CVE-2023-26314
Summary
| CVE | CVE-2023-26314 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-22 07:15:00 UTC |
| Updated | 2023-03-02 20:03:00 UTC |
| Description | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Application | Mono-project | Mono | 5.18.0.240+dfsg-3 | All | All | All |
| Application | Mono-project | Mono | 6.8.0.105+dfsg-3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations | MISC | www.openwall.com | |
| #972146 - /usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code - Debian Bug report logs | MISC | bugs.debian.org | |
| [SECURITY] [DLA 3343-1] mono security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.