PT-2023-2958 · Document Foundation · LibreOffice

Eike Rathke · Published 2023-05-24 · Updated 2024-01-22 · CVE-2023-0950

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibreOffice versions 7.4.0 through 7.4.5
LibreOffice versions 7.5.0 through 7.5.0

Description

The issue is related to an improper validation of array index in the spreadsheet component, allowing an attacker to craft a malicious spreadsheet document. This can cause an array index underflow when loaded, potentially leading to the execution of arbitrary code. Malformed spreadsheet formulas, such as AGGREGATE, can be created with fewer parameters than expected, contributing to the array index underflow.

Recommendations

For LibreOffice versions 7.4.0 through 7.4.5, update to version 7.4.6 or later.
For LibreOffice versions 7.5.0 through 7.5.0, update to version 7.5.1 or later.
As a temporary workaround, consider avoiding the use of the AGGREGATE formula in spreadsheet documents until the issue is resolved.


Weakness Enumeration

Improper Validation of Array Index

Related Identifiers

ALSA-2023:6508
ALSA-2023:6933
ALT-PU-2023-1920
ALT-PU-2023-2047
ALT-PU-2023-5557
ALT-PU-2024-1179
BDU:2023-02967
BDU:2023-02968
CESA-2023_6933
CVE-2023-0950
DLA-3526-1
DSA-5415-1
MGASA-2023-0194
RHSA-2023:6508
RHSA-2023:6933
RHSA-2023_6508
RHSA-2023_6933
SUSE-FU-2023:3413-1
SUSE-FU-2023:3696-1
SUSE-SU-2024:0075-1
USN-6144-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
LibreOffice
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu