{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T17:55:06.742","vulnerabilities":[{"cve":{"id":"CVE-2023-1523","sourceIdentifier":"security@ubuntu.com","published":"2023-09-01T19:15:42.707","lastModified":"2024-11-21T07:39:21.537","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console."},{"lang":"es","value":"Utilizando la petición IOCTL de TIOCLINUX, un snap malicoso podría inyectar contenido en la entrada del terminal de control, lo que podría permitir que se ejecutaran comandos arbitrarios fuera del sandbox del snap después de que éste saliera. Los emuladores gráficos de terminal como xterm, gnome-terminal y otros no se ven afectados. Esto sólo puede ser explotado cuando los snaps se ejecutan en una consola virtual. "}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*","versionEndExcluding":"2.59.5","matchCriteriaId":"DB4DC58F-3258-44BA-B2C2-228E98A40282"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","matchCriteriaId":"B3293E55-5506-4587-A318-D1734F781C09"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","matchCriteriaId":"902B8056-9E37-443B-8905-8AA93E2447FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*","matchCriteriaId":"359012F1-2C63-415A-88B8-6726A87830DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*","matchCriteriaId":"47842532-D2B6-44CB-ADE2-4AC8630A4D8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*","matchCriteriaId":"B2E702D7-F8C0-49BF-9FFB-883017076E98"}]}]}],"references":[{"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","source":"security@ubuntu.com","tags":["Third Party Advisory"]},{"url":"https://github.com/snapcore/snapd/pull/12849","source":"security@ubuntu.com","tags":["Issue Tracking","Patch"]},{"url":"https://marc.info/?l=oss-security&m=167879021709955&w=2","source":"security@ubuntu.com","tags":["Exploit","Mailing List"]},{"url":"https://ubuntu.com/security/notices/USN-6125-1","source":"security@ubuntu.com","tags":["Third Party Advisory"]},{"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/snapcore/snapd/pull/12849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://marc.info/?l=oss-security&m=167879021709955&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"https://ubuntu.com/security/notices/USN-6125-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}