CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

Published: Oct 13, 2023
Updated: Oct 19, 2023
CVE: CVE-2023-5557
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gnome / tracker_miners	-	3.3.2
gnome / tracker_miners	3.6.0	3.6.1
gnome / tracker_miners	3.5.0	3.5.3
gnome / tracker_miners	3.4.0	3.4.5
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x

https://access.redhat.com/errata/RHSA-2023:7712
https://access.redhat.com/errata/RHSA-2023:7713
https://access.redhat.com/errata/RHSA-2023:7730
https://access.redhat.com/errata/RHSA-2023:7731
https://access.redhat.com/errata/RHSA-2023:7732
https://access.redhat.com/errata/RHSA-2023:7733
https://access.redhat.com/errata/RHSA-2023:7739
https://access.redhat.com/errata/RHSA-2023:7744
https://access.redhat.com/security/cve/CVE-2023-5557
https://bugzilla.redhat.com/show_bug.cgi?id=2243096

Vulnerability Database

289,599

CVE-2023-5557