CVE-2023-50255 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-50255 Interim 1 6 2025-02-16T02:01:10Z current 2023-12-29T00:09:20Z 2025-02-16T02:01:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-50255 Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E6RI57PVHBNFGBEIH77ZL73GRPMDNIGO/ E-Mail link for openSUSE-SU-2023:0423-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAZVQ2SNKDTHKSUK47UVIS2467BT56Z4/ E-Mail link for openSUSE-SU-2023:0424-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP4 SUSE Package Hub 15 SP5 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Tumbleweed deepin-compressor-5.12.13-2.1 deepin-compressor-5.12.13-bp155.2.3.1 deepin-compressor-5.12.2-bp154.2.3.1 deepin-compressor-lang-5.12.13-2.1 deepin-compressor-lang-5.12.13-bp155.2.3.1 deepin-compressor-lang-5.12.2-bp154.2.3.1 deepin-compressor-5.12.2-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 deepin-compressor-lang-5.12.2-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 deepin-compressor-5.12.13-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 deepin-compressor-lang-5.12.13-bp155.2.3.1 as a component of SUSE Package Hub 15 SP5 deepin-compressor-5.12.2-bp154.2.3.1 as a component of openSUSE Leap 15.4 deepin-compressor-lang-5.12.2-bp154.2.3.1 as a component of openSUSE Leap 15.4 deepin-compressor-5.12.13-bp155.2.3.1 as a component of openSUSE Leap 15.5 deepin-compressor-lang-5.12.13-bp155.2.3.1 as a component of openSUSE Leap 15.5 deepin-compressor-5.12.13-2.1 as a component of openSUSE Tumbleweed deepin-compressor-lang-5.12.13-2.1 as a component of openSUSE Tumbleweed Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. CVE-2023-50255 SUSE Package Hub 15 SP4:deepin-compressor-5.12.2-bp154.2.3.1 SUSE Package Hub 15 SP4:deepin-compressor-lang-5.12.2-bp154.2.3.1 SUSE Package Hub 15 SP5:deepin-compressor-5.12.13-bp155.2.3.1 SUSE Package Hub 15 SP5:deepin-compressor-lang-5.12.13-bp155.2.3.1 openSUSE Leap 15.4:deepin-compressor-5.12.2-bp154.2.3.1 openSUSE Leap 15.4:deepin-compressor-lang-5.12.2-bp154.2.3.1 openSUSE Leap 15.5:deepin-compressor-5.12.13-bp155.2.3.1 openSUSE Leap 15.5:deepin-compressor-lang-5.12.13-bp155.2.3.1 openSUSE Tumbleweed:deepin-compressor-5.12.13-2.1 openSUSE Tumbleweed:deepin-compressor-lang-5.12.13-2.1 important 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H