AmazonALAS-2024-2557Medium: hsqldb
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
20.6%
Issue Overview:
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a “database/script” file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. (CVE-2023-1183)
Affected Packages:
hsqldb
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update hsqldb to update your system.
New Packages:
noarch:
hsqldb-1.8.1.3-15.amzn2.0.3.noarch
hsqldb-manual-1.8.1.3-15.amzn2.0.3.noarch
hsqldb-javadoc-1.8.1.3-15.amzn2.0.3.noarch
hsqldb-demo-1.8.1.3-15.amzn2.0.3.noarch
src:
hsqldb-1.8.1.3-15.amzn2.0.3.src
Additional References
Red Hat: CVE-2023-1183
Mitre: CVE-2023-1183
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | noarch | hsqldb | < 1.8.1.3-15.amzn2.0.3 | hsqldb-1.8.1.3-15.amzn2.0.3.noarch.rpm |
| Amazon Linux | 2 | noarch | hsqldb-manual | < 1.8.1.3-15.amzn2.0.3 | hsqldb-manual-1.8.1.3-15.amzn2.0.3.noarch.rpm |
| Amazon Linux | 2 | noarch | hsqldb-javadoc | < 1.8.1.3-15.amzn2.0.3 | hsqldb-javadoc-1.8.1.3-15.amzn2.0.3.noarch.rpm |
| Amazon Linux | 2 | noarch | hsqldb-demo | < 1.8.1.3-15.amzn2.0.3 | hsqldb-demo-1.8.1.3-15.amzn2.0.3.noarch.rpm |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
20.6%