CVE-2023-38633
Published: 2023-07-22
Priority: P4 · 29 · medium · 5.5 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.13% (79.7th percentile)
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

The href gets through because the component that checks whether the resolved URL stays inside the document's directory parses `?` as the start of a query string, so the path it inspects is just `.`, while the component that actually opens the file treats the same string as a plain path and collapses the `..` segments lexically; the reference below titled "When URL parsers disagree" describes this mismatch. The NVD vector is AV:L, but any service that renders untrusted SVG with librsvg (thumbnailers, image conversion, document pipelines) exposes the same file read to remote input, which is why the description says "local or remote".
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | librsvg | < 2.54.7+dfsg-1~deb12u1 (bookworm) | 2.54.7+dfsg-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| gnome | librsvg | >= 0 < 2.50.3+dfsg-1+deb11u1 | 2.50.3+dfsg-1+deb11u1 |
| gnome | librsvg | >= 0 < 2.54.7+dfsg-1~deb12u1 | 2.54.7+dfsg-1~deb12u1 |
| gnome | librsvg | >= 0 < 2.54.7+dfsg-1 | 2.54.7+dfsg-1 |
| gnome | librsvg | >= 2.42.3 < 2.46.6 | 2.46.6 |
| gnome | librsvg | >= 2.48.0 < 2.48.11 | 2.48.11 |
| gnome | librsvg | >= 2.50.0 < 2.50.8 | 2.50.8 |
| gnome | librsvg | >= 2.52.0 < 2.52.10 | 2.52.10 |
| gnome | librsvg | >= 2.54.0 < 2.54.6 | 2.54.6 |
| gnome | librsvg | >= 2.55.0 < 2.55.3 | 2.55.3 |
| gnome | librsvg | >= 2.56.0 < 2.56.3 | 2.56.3 |

The description names 2.56.3, but the 2.46 through 2.55 rows are fixed releases on the older stable branches, so compare an installed version against the fix for its own branch (for example 2.54.5 is vulnerable and 2.54.6 is not) rather than against 2.56.3 alone; distribution packages such as Debian's 2.54.7+dfsg-1~deb12u1 carry the backport under their own version strings.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| osv | 5.5 | MEDIUM | — |
| vendor_debian | 5.5 | MEDIUM | — |
| vendor_redhat | 5.5 | MEDIUM | — |
Ubuntu
librsvg vulnerability
vendor_ubuntu · 2023-08-01
Summary: librsvg could be made to expose sensitive information.
Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.
Instructions: After a standard system update you need to restart your session to make all the necessary changes.
Red Hat
librsvg: Arbitrary file read when xinclude href has special characters
vendor_redhat · 2023-07-22 · CVSS 5.5 · MEDIUM · CWE-22
A directory traversal vulnerability was discovered in the URL decoder of librsvg. The issue occurs when an xinclude href contains special characters, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element; an attacker can supply a specially crafted URL containing "dot dot" sequences (/../) to read arbitrary files on the system, affecting data confidentiality.
Package: librsvg2 (Red H
Debian
CVE-2023-38633: librsvg - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could ...
vendor_debian · 2023 · CVSS 5.5 · MEDIUM
Scope: local
bookworm: resolved (fixed in 2.54.7+dfsg-1~deb12u1)
bullseye: resolved (fixed in 2.50.3+dfsg-1+deb11u1)
forky: resolved (fixed in 2.54.7+dfsg-1)
sid: resolved (fixed in 2.54.7+dfsg-1)
trixie: resolved (fixed in 2.54.7+dfsg-1)
OSV
CVE-2023-38633: A directory traversal problem in the URL decoder of librsvg before 2
osv · 2023-07-22 · CVSS 5.5 · MEDIUM
GHSA
GHSA-jf6v-gw88-w63q: A directory traversal problem in the URL decoder of librsvg before 2
ghsa_unreviewed · 2023-07-22 · MEDIUM · CWE-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://seclists.org/fulldisclosure/2023/Jul/43
http://www.openwall.com/lists/oss-security/2023/07/27/1
http://www.openwall.com/lists/oss-security/2023/09/06/10
https://bugzilla.suse.com/show_bug.cgi?id=1213502
https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/
https://news.ycombinator.com/item?id=37415799
https://security.netapp.com/advisory/ntap-20230831-0011/
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
https://www.debian.org/security/2023/dsa-5484
Published: 2023-07-22