CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:7712
https://access.redhat.com/errata/RHSA-2023:7713
https://access.redhat.com/errata/RHSA-2023:7730
https://access.redhat.com/errata/RHSA-2023:7731
https://access.redhat.com/errata/RHSA-2023:7732
https://access.redhat.com/errata/RHSA-2023:7733
https://access.redhat.com/errata/RHSA-2023:7739
https://access.redhat.com/errata/RHSA-2023:7744
https://access.redhat.com/security/cve/CVE-2023-5557	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2243096	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:tracker_miners::::::::
	cpe:2.3:a:gnome:tracker_miners::::::::
	cpe:2.3:a:gnome:tracker_miners::::::::
	cpe:2.3:a:gnome:tracker_miners::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

12 Dec 2023, 22:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7744 -

12 Dec 2023, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7731 - () https://access.redhat.com/errata/RHSA-2023:7732 - () https://access.redhat.com/errata/RHSA-2023:7733 - () https://access.redhat.com/errata/RHSA-2023:7739 -

12 Dec 2023, 10:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7730 -

11 Dec 2023, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7712 - () https://access.redhat.com/errata/RHSA-2023:7713 -

18 Oct 2023, 19:51

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:gnome:tracker_miners::::::::
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2243096 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2243096 - Exploit, Issue Tracking, Third Party Advisory
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-5557 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-5557 - Third Party Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.7
First Time		Gnome tracker Miners Redhat Gnome Redhat enterprise Linux

13 Oct 2023, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-13 02:15

Updated : 2023-12-12 22:15

NVD link : CVE-2023-5557

Mitre link : CVE-2023-5557

CVE.ORG link : CVE-2023-5557

JSON object : View

Products Affected

redhat

enterprise_linux

gnome

tracker_miners

CWE

NVD-CWE-noinfo CWE-693

Protection Mechanism Failure

7.7 /10