Improper input validation in Fedora
CVE-2023-1183
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.744 (99.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N.
Affected products
- Fedora
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- N/a Libreoffice — versions 7.4.6, 7.5.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- access.redhat.com/security/cve/CVE-2023-1183 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2208506 (issue-tracking, x_refsource_REDHAT)
- www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
- www.openwall.com/lists/oss-security/2023/12/28/4
- www.openwall.com/lists/oss-security/2024/01/03/4
Frequently asked questions
- What is CVE-2023-1183?
- CVE-2023-1183 is a medium-severity vulnerability in Fedora, classified under Improper Input Validation. CVSS score: 5.0/10. Published 2023-07-10.
- How severe is CVE-2023-1183?
- Medium severity. CVSS v3 base score is 5.0 out of 10.
- Is CVE-2023-1183 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.