CVE-2023-52138

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published: Feb 5, 2024
Updated: Feb 29, 2024
CWE ID 59
CWE ID 22
CWE ID 25

Summary

CVE-2023-52138 is a Path Traversal vulnerability affecting Engrampa, an archive manager for the MATE environment. This issue allows an attacker to achieve Remote Command Execution (RCE) on a target system by crafting a malicious CPIO or ISO archive. Engrampa follows symlinks during the extraction process, and cpio, which is used by Engrampa, will follow stored symlinks without checking their locations. As a result, arbitrary file writes can occur to unintended locations, potentially leading to RCE. The vulnerability was addressed in commit 63d5dfa.
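The failure described above is an extraction routine that writes later entries through a symlink created by an earlier entry. The following Python model, added here as an illustration and not code from Engrampa, cpio or the CVE record, shows the check a hardened extractor needs: every entry's resolved parent directory, and every link's resolved target, must remain inside the destination. The `Entry` type and the archive contents are constructed for the demo.

```python
import os, tempfile
from collections import namedtuple

# Constructed stand-in for a cpio/ISO entry: name as stored, "file" or "symlink", data, link target.
Entry = namedtuple("Entry", "name kind data target", defaults=(b"", ""))

def inside(root: str, path: str) -> bool:
    """True if path, with every symlink resolved, still lies under root."""
    real = os.path.realpath(path)
    return real == root or real.startswith(root + os.sep)

def safe_extract(entries, dest):
    """Extract in archive order, refusing any entry that would leave dest."""
    dest = os.path.realpath(dest)
    written, rejected = [], []
    for e in entries:
        parts = e.name.split("/")
        # realpath() follows links created by earlier entries, which is how the
        # traversal escapes; the resolved parent directory must still be in dest.
        real_parent = os.path.realpath(os.path.join(dest, *parts[:-1]))
        ok = not os.path.isabs(e.name) and ".." not in parts and inside(dest, real_parent)
        if ok and e.kind == "symlink":
            # A link is only created if its target also resolves inside dest.
            ok = inside(dest, os.path.join(real_parent, e.target))
        if not ok:
            rejected.append(e.name)
            continue
        os.makedirs(real_parent, exist_ok=True)
        out = os.path.join(real_parent, parts[-1])
        if e.kind == "symlink":
            os.symlink(e.target, out)
        else:
            with open(out, "wb") as f:
                f.write(e.data)
        written.append(e.name)
    return written, rejected

def demo():
    base = tempfile.mkdtemp()
    dest = os.path.join(base, "extract")
    os.mkdir(dest)
    entries = [  # constructed archive: benign file, in-tree link, escaping link, write through it
        Entry("docs/readme.txt", "file", b"hello"),
        Entry("link", "symlink", target="docs"),        # stays inside dest: allowed
        Entry("link/via.txt", "file", b"ok"),           # resolves to docs/via.txt
        Entry("evil", "symlink", target="../outside"),  # points above dest: refused
        Entry("evil/payload", "file", b"x"),            # no link exists, so lands inside dest
    ]
    written, rejected = safe_extract(entries, dest)
    return written, rejected, os.path.exists(os.path.join(base, "outside"))
```

Calling `demo()` returns the accepted and refused entry names and whether anything was written above the destination directory.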

