CVE-2023-26314
First published: Wed Feb 22 2023(Updated: )
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mono-project Mono | =5.18.0.240\+dfsg-3 | |
| Mono-project Mono | =6.8.0.105\+dfsg-3 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-26314?
CVE-2023-26314 is a vulnerability in the mono package for Debian that allows for arbitrary code execution.
What is the severity of CVE-2023-26314?
CVE-2023-26314 has a severity rating of 8.8, which is considered high.
How does CVE-2023-26314 allow code execution?
CVE-2023-26314 allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
Which versions of the mono package are affected by CVE-2023-26314?
Versions 5.18.0.240+dfsg-3 and 6.8.0.105+dfsg-3 of the mono package for Debian are affected by CVE-2023-26314.
How can I fix CVE-2023-26314?
To fix CVE-2023-26314, you should update to version 6.8.0.105+dfsg-3.3 or later of the mono package for Debian.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/mono-project
- canonical/mono-project mono
- version/mono-project mono/5.18.0.240\+dfsg-3
- version/mono-project mono/6.8.0.105\+dfsg-3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0