CVE-2023-5557Protection Mechanism Failure in Tracker Miners

CWE-693Protection Mechanism Failure7 documents7 sources
Severity
7.7HIGHNVD
CNA7.5
EPSS
0.0%
top 86.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Gnome Tracker MinersRedhat Enterprise Linux
Timeline
PublishedOct 13
Latest updateNov 22

Description

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages1 packages

NVDgnome/tracker_miners3.4.03.4.5+3

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-c9fx-36x8-jr74: A flaw was found in the tracker-miners package2023-10-13
OSV
CVE-2023-5557: A flaw was found in the tracker-miners package2023-10-13
CVEList
Tracker-miners: sandbox escape2023-10-13

📋Vendor Advisories

3
Ubuntu
tracker-miners vulnerability2023-11-22
Red Hat
tracker-miners: sandbox escape2023-09-26
Debian
CVE-2023-5557: tracker-miners - A flaw was found in the tracker-miners package. A weakness in the sandbox allows...2023
CVE-2023-5557 — Protection Mechanism Failure | cvebase