CVE-2023-26314
Published Feb 22, 2023
Last updated 2 years ago
Overview
- Description
- The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono-project:mono:5.18.0.240\\+dfsg-3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84F44FDC-98EA-4A66-8317-6F2F1EE42460"
},
{
"criteria": "cpe:2.3:a:mono-project:mono:6.8.0.105\\+dfsg-3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C03D54BC-10BC-4694-9488-6260F82E6D78"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
}
]