CVE-2023-50254 - OpenCVE

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Deepin	Deepin Reader

Configuration 1 [-]

cpe:2.3:a:deepin:deepin_reader:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04	Patch
https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6	Patch
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T16:49:48.977Z

Updated: 2023-12-22T16:49:48.977Z

Reserved: 2023-12-05T20:42:59.378Z

Link: CVE-2023-50254

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-22T17:15:09.330

Modified: 2024-01-03T20:12:07.347

Link: CVE-2023-50254

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-50254", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-05T20:42:59.378Z", "datePublished": "2023-12-22T16:49:48.977Z", "dateUpdated": "2023-12-22T16:49:48.977Z"}, "containers": {"cna": {"title": "Deepin Reader RCE vulnerability due to a design flaw", "problemTypes": [{"descriptions": [{"cweId": "CWE-27", "lang": "en", "description": "CWE-27: Path Traversal: 'dir/../../filename'", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"}, {"name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04", "tags": ["x_refsource_MISC"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"}, {"name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6", "tags": ["x_refsource_MISC"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"}], "affected": [{"vendor": "linuxdeepin", "product": "developer-center", "versions": [{"version": "< 6.0.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T16:49:48.977Z"}, "descriptions": [{"lang": "en", "value": "Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue."}], "source": {"advisory": "GHSA-q9jr-726g-9495", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deepin:deepin_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "45827122-099F-45C4-9A3D-5558FB225C4D", "versionEndExcluding": "6.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue."}, {"lang": "es", "value": "El software de lectura de documentos predeterminado de Deepin Linux, `deepin-reader`, sufre una grave vulnerabilidad en versiones anteriores a la 6.0.7 debido a un fallo de dise\u00f1o que conduce a la ejecuci\u00f3n remota de comandos a trav\u00e9s de un documento docx manipulado. Esta es una vulnerabilidad de sobrescritura de archivos. La ejecuci\u00f3n remota de c\u00f3digo (RCE) se puede lograr sobrescribiendo archivos como .bash_rc, .bash_login, etc. RCE se activar\u00e1 cuando el usuario abra la terminal. La versi\u00f3n 6.0.7 contiene un parche para el problema."}], "id": "CVE-2023-50254", "lastModified": "2024-01-03T20:12:07.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-22T17:15:09.330", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-27"}], "source": "security-advisories@github.com", "type": "Secondary"}]}