Russian Vulnerability Scanner Database

Back to List

CVE-2023-44446

Scores

EPSS Score

0.0193

CVSS

3.x 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0
0.0

Description

Уязвимость GStreamer MXF File Parsing Use-After-Free Remote Code Execution. Эта уязвимость позволяет удаленным злоумышленникам выполнять произвольный код на уязвимых установках GStreamer. Для эксплуатации этой уязвимости требуется взаимодействие с этой библиотекой, но векторы атак могут различаться в зависимости от реализации. Конкретная ошибка существует в процессе анализа видеофайлов MXF. Проблема возникает из-за отсутствия проверки существования объекта перед выполнением операций над ним. Злоумышленник может использовать эту уязвимость для выполнения кода в контексте текущего процесса. Ранее было ZDI-CAN-22299.

Sources

astradebiannvdredhatubuntu

CWEs

CWE-416

Related Vulnerabilities

BDU:2023-08257ROS-20240731-03oval:redos:def:2615

Reference Links

https://gstreamer.freedesktop.org/security/sa-2023-0010.html
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635
https://ubuntu.com/security/notices/USN-6526-1
https://www.cve.org/CVERecord?id=CVE-2023-44446
https://gstreamer.freedesktop.org/security/sa-2023-0010.html
https://www.zerodayinitiative.com/advisories/ZDI-23-1647/
https://gstreamer.freedesktop.org/security/sa-2023-0010.html
https://www.zerodayinitiative.com/advisories/ZDI-23-1647/
https://www.cve.org/CVERecord?id=CVE-2023-44446 https://nvd.nist.gov/vuln/detail/CVE-2023-44446 https://gstreamer.freedesktop.org/security/sa-2023-0010.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-22299
https://bugzilla.redhat.com/show_bug.cgi?id=2250249

Vulnerable Software

Type: Configuration

Product: gst-plugins-bad0.10

Operating System: ubuntu xenial 16.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad0.10

Operating System: ubuntu trusty 14.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad0.10

Operating System: ubuntu bionic 18.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad0.10

Operating System: debian

Trait: 
{
  "unfixed": true
}

Source: debian

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: debian

Trait: 
{
  "fixed": "1.22.7-1"
}

Source: debian

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: astra 1.7.5.16

Trait: 
{
  "unaffected": true
}

Source: astra

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: ubuntu xenial 16.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: ubuntu trusty 14.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: ubuntu lunar 23.04

Trait: 
{
  "fixed": "1.22.1-1ubuntu1.1"
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: ubuntu jammy 22.04

Trait: 
{
  "fixed": "1.20.3-0ubuntu1.1"
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: ubuntu focal 20.04

Trait: 
{
  "fixed": "1.16.3-0ubuntu1.1"
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: ubuntu bionic 18.04

Trait: 
{
  "unfixed": true
}

Source: ubuntu

Type: Configuration

Product: gst-plugins-bad1.0

Operating System: astra 1.7.5.16

Trait: 
{
  "unaffected": true
}

Source: astra

Type: Configuration

Product: gstreamer-plugins-bad-free

Operating System: rhel 7

Trait: 
{
  "fixed": "0.10.23-24.el7_9"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.18.4-6.el9_0"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_8"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_6"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_4"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_4"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_4"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.18.4-7.el9_2"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_2"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_2"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_9"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.16.1-2.el8_2"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel 7

Trait: 
{
  "fixed": "1.10.4-4.el7_9"
}

Source: redhat

Type: Configuration

Product: gstreamer1-plugins-bad-free

Operating System: rhel

Trait: 
{
  "fixed": "1.22.1-2.el9_3"
}

Source: redhat

Type: Configuration

Vendor: gstreamer_project

Product: gstreamer

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "1.22.7",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd