CVE-2010-3378 — Scilab vulnerability

4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 81.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Scilab Debian Scilab

Timeline

PublishedOct 20

Latest updateMay 17

Description

The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/scilab< scilab 5.2.2-8 (bookworm)

▶Debianscilab/scilab< 5.2.2-8+3

▶NVDscilab/scilab5.2.2

🔴Vulnerability Details

GHSA

GHSA-mph3-4783-gqf7: The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5↗2022-05-17

▶

OSV

CVE-2010-3378: The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5↗2010-10-20

▶

📋Vendor Advisories

Debian

CVE-2010-3378: scilab - The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 p...↗2010

▶