CVE-2023-50254 - OpenCVE

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Deepin	Deepin Reader

Configuration 1 [-]

cpe:2.3:a:deepin:deepin_reader:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04
https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T16:49:48.977Z

Updated: 2024-08-02T22:16:46.096Z

Reserved: 2023-12-05T20:42:59.378Z

Link: CVE-2023-50254

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-22T17:15:09.330

Modified: 2024-01-03T20:12:07.347

Link: CVE-2023-50254

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50254", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-05T20:42:59.378Z", "datePublished": "2023-12-22T16:49:48.977Z", "dateUpdated": "2024-08-02T22:16:46.096Z"}, "containers": {"cna": {"title": "Deepin Reader RCE vulnerability due to a design flaw", "problemTypes": [{"descriptions": [{"cweId": "CWE-27", "lang": "en", "description": "CWE-27: Path Traversal: 'dir/../../filename'", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"}, {"name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04", "tags": ["x_refsource_MISC"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"}, {"name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6", "tags": ["x_refsource_MISC"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"}], "affected": [{"vendor": "linuxdeepin", "product": "developer-center", "versions": [{"version": "< 6.0.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T16:49:48.977Z"}, "descriptions": [{"lang": "en", "value": "Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue."}], "source": {"advisory": "GHSA-q9jr-726g-9495", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.096Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"}, {"name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"}, {"name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deepin:deepin_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "45827122-099F-45C4-9A3D-5558FB225C4D", "versionEndExcluding": "6.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue."}, {"lang": "es", "value": "El software de lectura de documentos predeterminado de Deepin Linux, `deepin-reader`, sufre una grave vulnerabilidad en versiones anteriores a la 6.0.7 debido a un fallo de dise\u00f1o que conduce a la ejecuci\u00f3n remota de comandos a trav\u00e9s de un documento docx manipulado. Esta es una vulnerabilidad de sobrescritura de archivos. La ejecuci\u00f3n remota de c\u00f3digo (RCE) se puede lograr sobrescribiendo archivos como .bash_rc, .bash_login, etc. RCE se activar\u00e1 cuando el usuario abra la terminal. La versi\u00f3n 6.0.7 contiene un parche para el problema."}], "id": "CVE-2023-50254", "lastModified": "2024-01-03T20:12:07.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-22T17:15:09.330", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-27"}], "source": "security-advisories@github.com", "type": "Secondary"}]}