ALT-PU-2018-2056-1

Package update xdg-utils in branch p8

Version1.1.3-alt3.M80P.1

Published2018-07-25

Max severityHIGH

Severity:

Closed issues (2)

HIGH8.8

Уязвимость функции open_envvar инструмента для настройки использования пользовательских приложений по умолчанию xdg-open, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Published: 2020-04-27Modified: 2020-08-25

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

References

CVE-2017-18266

HIGH8.8

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

Published: 2018-05-10Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References