CVE-2022-26305

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libreoffice:libreoffice::::::::
	cpe:2.3:a:libreoffice:libreoffice::::::::

History

26 Mar 2023, 23:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html -

19 Aug 2022, 17:45

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 7.5

02 Aug 2022, 14:03

Type	Values Removed	Values Added
References	~~(MISC) https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305 -~~	(MISC) https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305 - Vendor Advisory
CPE		cpe:2.3:a:libreoffice:libreoffice::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-295
First Time		Libreoffice libreoffice Libreoffice

25 Jul 2022, 15:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-25 15:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-26305

Mitre link : CVE-2022-26305

CVE.ORG link : CVE-2022-26305

JSON object : View

Products Affected

libreoffice

libreoffice

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-26305", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2022-07-25T15:15:09.303", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html", "source": "security@documentfoundation.org"}, {"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305", "tags": ["Vendor Advisory"], "source": "security@documentfoundation.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "security@documentfoundation.org", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1."}, {"lang": "es", "value": "Una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Certificados en LibreOffice en la que la determinaci\u00f3n de si una macro estaba firmada por un autor confiable al comparar \u00fanicamente el n\u00famero de serie y la cadena del emisor del certificado usado con los de un certificado confiable. Esto no es suficiente para verificar que la macro fue realmente firmada con el certificado. Por lo tanto, un adversario podr\u00eda crear un certificado arbitrario con un n\u00famero de serie y una cadena de emisor id\u00e9nticos a los de un certificado confiable, que LibreOffice presentar\u00eda como pertenecientes al autor confiable, lo que podr\u00eda conllevar que el usuario ejecutara c\u00f3digo arbitrario contenido en macros no debidamente confiables. Este problema afecta a: The Document Foundation LibreOffice versiones 7.2 anteriores a 7.2.7; versiones 7.3 anteriores a 7.3.1"}], "lastModified": "2023-03-26T23:15:07.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20BCBB73-64D6-44F0-8B7F-F94269E9EEDA", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EF12C7E-78D4-435E-BF1C-55F13566DD1D", "versionEndExcluding": "7.3.2", "versionStartIncluding": "7.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@documentfoundation.org"}