CVE-2023-5557

Summary

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:2.1.5-2.el8_9.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support0:2.1.5-2.el8_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Telecommunications Update Service0:2.1.5-2.el8_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions0:2.1.5-2.el8_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:2.1.5-2.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service0:2.1.5-2.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions0:2.1.5-2.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support0:2.1.5-2.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:2.1.5-2.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:3.1.2-4.el9_3 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support0:3.1.2-2.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:3.1.2-4.el9_2 < *unaffected

Weaknesses

  • CWE-693: Protection Mechanism Failure

ADP Enrichment

CVE Program Container

Additional References

References