CVE-2023-0950 - OpenCVE

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Libreoffice	Libreoffice
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:libreoffice:libreoffice::::::::
	cpe:2.3:a:libreoffice:libreoffice::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html
https://security.gentoo.org/glsa/202311-15
https://www.debian.org/security/2023/dsa-5415	Third Party Advisory
https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Document Fdn.

Published: 2023-05-25T00:00:00

Updated: 2023-11-26T09:06:14.773624

Reserved: 2023-02-22T00:00:00

Link: CVE-2023-0950

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-25T20:15:09.207

Modified: 2023-11-26T09:15:44.177

Link: CVE-2023-0950

JSON object: View

Redhat Information

No data.

CWE

CWE-129

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0950", "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "dateUpdated": "2023-11-26T09:06:14.773624", "dateReserved": "2023-02-22T00:00:00", "datePublished": "2023-05-25T00:00:00"}, "containers": {"cna": {"title": "Array Index UnderFlow in Calc Formula Parsing", "providerMetadata": {"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn.", "dateUpdated": "2023-11-26T09:06:14.773624"}, "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1."}], "affected": [{"vendor": "The Document Foundation", "product": "LibreOffice", "versions": [{"version": "7.4", "status": "affected", "lessThan": "7.4.6", "versionType": "custom"}, {"version": "7.5", "status": "affected", "lessThan": "7.5.1", "versionType": "custom"}]}], "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950"}, {"name": "DSA-5415", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5415"}, {"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3526-1] libreoffice security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html"}, {"name": "GLSA-202311-15", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202311-15"}], "credits": [{"lang": "en", "value": "Secusmart GmbH for discovering and reporting the issue"}, {"lang": "en", "value": "Eike Rathke of Red Hat, Inc. for a solution"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-129 Improper Validation of Array Index", "cweId": "CWE-129"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBA35157-E774-4C1A-B18E-70D9C7F08603", "versionEndExcluding": "7.4.6", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AFEF7D8-AA92-4464-B771-83F3A8ADCF8F", "versionEndExcluding": "7.5.2", "versionStartIncluding": "7.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1."}], "id": "CVE-2023-0950", "lastModified": "2023-11-26T09:15:44.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-25T20:15:09.207", "references": [{"source": "security@documentfoundation.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html"}, {"source": "security@documentfoundation.org", "url": "https://security.gentoo.org/glsa/202311-15"}, {"source": "security@documentfoundation.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5415"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@documentfoundation.org", "type": "Secondary"}]}