First published: Sun Mar 05 2023(Updated: )
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debmany | =0.88.1 | |
ubuntu/debian-goodies | <0.84ubuntu0.1 | 0.84ubuntu0.1 |
ubuntu/debian-goodies | <0.87ubuntu1.1 | 0.87ubuntu1.1 |
ubuntu/debian-goodies | <0.88.1ubuntu1.2 | 0.88.1ubuntu1.2 |
debian/debian-goodies | <=0.84<=0.87<=0.88.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-27635 is a vulnerability in debian-goodies 0.88.1 that allows attackers to execute arbitrary shell commands.
The CVE-2023-27635 vulnerability can be exploited by sending a crafted .deb file to debian-goodies 0.88.1, which triggers an eval call and allows the execution of arbitrary shell commands.
The severity of CVE-2023-27635 is high, with a severity score of 7.8.
CVE-2023-27635 affects debian-goodies version 0.88.1.
Yes, upgrading to a fixed version of debian-goodies is recommended to fix CVE-2023-27635.