Code injection

2023-08-2313:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.2%

JSON

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

CPENameOperatorVersion
ghostscriptlt9.51
codeready_linux_buildereq8.0
codeready_linux_builder_for_arm64eq8.0.0-aarch64
codeready_linux_builder_for_ibm_z_systemseq8.0.0-s390-x
codeready_linux_builder_for_power_little_endianeq8.0.0-ppc64-le
enterprise_linuxeq8.0
enterprise_linux_for_arm_64eq8.0.0-aarch64
enterprise_linux_for_ibm_z_systemseq8.0.0-s390-x
enterprise_linux_for_power_little_endianeq8.0.0-ppc64-le

Name	Operator	Version
ghostscript	lt	9.51
codeready_linux_builder	eq	8.0
codeready_linux_builder_for_arm64	eq	8.0.0-aarch64
codeready_linux_builder_for_ibm_z_systems	eq	8.0.0-s390-x
codeready_linux_builder_for_power_little_endian	eq	8.0.0-ppc64-le
enterprise_linux	eq	8.0
enterprise_linux_for_arm_64	eq	8.0.0-aarch64
enterprise_linux_for_ibm_z_systems	eq	8.0.0-s390-x
enterprise_linux_for_power_little_endian	eq	8.0.0-ppc64-le