CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

Published: Feb 22, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-26314
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mono-project / mono	6.8.0.105+dfsg-3	6.8.0.105+dfsg-3.x
mono-project / mono	5.18.0.240+dfsg-3	5.18.0.240+dfsg-3.x
debian / debian_linux	10.0	10.0.x

https://bugs.debian.org/972146
https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html
https://www.openwall.com/lists/oss-security/2023/01/05/1

Vulnerability Database

289,697

CVE-2023-26314