CVE-2023-50255 — Vulnetix

CVE-2023-50255 PUBLISHED CVSS 9.300000190734863 CRITICAL

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

EPSS 0.43% · 62.8th percentile

Risk Scores

CVSS 3.1

9.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

EPSS Score

0.43%

62.8th percentile

Affected Products

Vendor	Product	Versions
deepin	deepin-compressor	0, 0
linuxdeepin	developer-center	< 5.12.21, < 5.12.21

Exploit Intelligence

CIRCL seen: CVE-2023-50255 (circl-sighting)
CIRCL seen: CVE-2023-50255 (circl-sighting)
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2 (nist-nvd)
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6 (circl)

Timeline

Jan 21, 1970 Security Advisory
Dec 27, 2023 CVE Published
Dec 27, 2023 PoC Published
Dec 28, 2023 EPSS Score
Jan 19, 2024 PoC Published
Jan 26, 2024 EPSS Score
Feb 23, 2024 EPSS Score
Mar 23, 2024 EPSS Score
Apr 21, 2024 EPSS Score
May 20, 2024 EPSS Score
Jun 17, 2024 EPSS Score
Jul 16, 2024 EPSS Score

References

Open in Interactive Console →