Lucene search
UbuntuUSN-6781-1HistoryMay 21, 2024 - 12:00 a.m.
Spreadsheet::ParseExcel vulnerability
2024-05-2100:00:00
ubuntu.com
17
ubuntu
spreadsheet::parseexcel
vulnerability
packages
arbitrary code execution
input validation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
Low
EPSS
0.06
Percentile
93.6%
Releases
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- libspreadsheet-parseexcel-perl - Perl module to access information from Excel Spreadsheets
Details
Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated
input from a file into a string-type “eval”. An attacker could craft a
malicious file to achieve arbitrary code execution.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.04 | noarch | libspreadsheet-parseexcel-perl | < 0.6500-1.1ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libspreadsheet-parseexcel-perl | < 0.6500-1ubuntu0.20.04.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libspreadsheet-parseexcel-perl | < 0.6500-1ubuntu0.18.04.1~esm1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libspreadsheet-parseexcel-perl | < 0.6500-1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libspreadsheet-parseexcel-perl | < 0.6500-1ubuntu0.16.04.1~esm1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libspreadsheet-parseexcel-perl | < 0.6500-1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libspreadsheet-parseexcel-perl | < 0.5800-1ubuntu0.1~esm1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libspreadsheet-parseexcel-perl | < 0.5800-1 | UNKNOWN |
References
Related
nessus
nessus
freebsd
freebsd
p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability
2023-12-29 00:00:00
debian
debian
[SECURITY] [DLA 3702-1] libspreadsheet-parseexcel-perl security update
2023-12-31 01:09:30
[SECURITY] [DSA 5592-1] libspreadsheet-parseexcel-perl security update
2023-12-30 16:14:19
osv
osv
libspreadsheet-parseexcel-perl - security update
2023-12-31 00:00:00
libspreadsheet-parseexcel-perl vulnerability
2024-05-21 13:21:26
perl-Spreadsheet-ParseExcel-0.660.0-1.1 on GA media
2024-06-15 00:00:00
cisa_kev
cisa_kev
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
2024-01-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0158-1)
2024-01-19 00:00:00
Debian: Security Advisory (DSA-5592-1)
2024-01-12 00:00:00
Fedora: Security Advisory (FEDORA-2023-921f6975c2)
2024-01-18 00:00:00
vulnrichment
vulnrichment
CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability
2023-12-24 21:34:46
cve
cve
CVE-2023-7101
2023-12-24 22:15:07
debiancve
debiancve
CVE-2023-7101
2023-12-24 22:15:07
ubuntucve
ubuntucve
CVE-2023-7101
2023-12-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2024-01-12 20:48:40
cvelist
cvelist
CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability
2023-12-24 21:34:46
alpinelinux
alpinelinux
CVE-2023-7101
2023-12-24 22:15:07
attackerkb
attackerkb
CVE-2023-7101
2023-12-24 00:00:00
CVE-2023-7102
2023-12-24 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: perl-Spreadsheet-ParseExcel-0.6600-1.fc39
2024-01-08 01:24:14
[SECURITY] Fedora 38 Update: perl-Spreadsheet-ParseExcel-0.6600-1.fc38
2024-01-08 01:34:38
amazon
amazon
Important: perl-Spreadsheet-ParseExcel
2024-01-19 01:19:00
prion
prion
Format string
2023-12-24 22:15:00
nvd
nvd
CVE-2023-7101
2023-12-24 22:15:07
thn
thn
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances
2023-12-27 12:35:00
avleonov
avleonov
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
Low
EPSS
0.06
Percentile
93.6%
Related for USN-6781-1