CVE-2023-32700

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LuaTeX versions prior to 1.17.0 TeX Live versions prior to 2023 r66984 MiKTeX versions prior to 23.5

Description The issue is related to the io.popen() function in the luatex-core.lua component, which lacks input validation. This allows an attacker to execute arbitrary shell commands when a TeX file from an untrusted source is compiled. The vulnerability can be exploited by accessing the original io.popen through luatex-core.lua.

Recommendations For LuaTeX versions prior to 1.17.0, update to version 1.17.0 or later to resolve the issue. For TeX Live versions prior to 2023 r66984, update to version 2023 r66984 or later to resolve the issue. For MiKTeX versions prior to 23.5, update to version 23.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the io.popen() function in luatex-core.lua to minimize the risk of exploitation.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

ALSA-2023:3661

BDU:2023-03875

CESA-2023_3661

CVE-2023-32700

DLA-3427-1

DLA-3427-2

DLA-3946-1

DSA-5406-1

INFSA-2023_3661

MGASA-2023-0233

OESA-2023-1421

OPENSUSE-SU-2023_2284-2

OPENSUSE-SU-2024:12936-1

RHSA-2023:3661

RHSA-2023_3661

RLSA-2023:3661

SUSE-SU-2023:2284-1

SUSE-SU-2023:2284-2

SUSE-SU-2023:2285-1

SUSE-SU-2023:2287-1

SUSE-SU-2023_2284-1

SUSE-SU-2023_2285-1

USN-6115-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Luatex

Miktex

Red Hat

Rocky Linux

Suse

Tex Live

Ubuntu

CVE-2023-32700

Weakness Enumeration

Related Identifiers

Affected Products

References · 64