CVE-2023-29145

Published: Jun 30, 2023Modified: Nov 26, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

Affected (2)

Products: Malwarebytes: Endpoint Detection And Response, Malwarebytes

2 products

Endpoint Detection And Response

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Malwarebytes Endpoint Detection And Response	Up to 1.0.11
Malwarebytes Malwarebytes	Up to 1.0.14

Related CWEs

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

https://malwarebytes.com

Source: cve@mitre.org

Product

https://www.malwarebytes.com/secure/cves/cve-2023-29145

Source: cve@mitre.org

Vendor Advisory

https://malwarebytes.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.malwarebytes.com/secure/cves/cve-2023-29145

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.