Bug 2246303 (CVE-2023-46316) - CVE-2023-46316 traceroute: improper command line parsing
Summary: CVE-2023-46316 traceroute: improper command line parsing
Keywords:
Status: NEW
Alias: CVE-2023-46316
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2246301
TreeView+ depends on / blocked
 
Reported: 2023-10-26 08:48 UTC by ybuenos
Modified: 2024-05-22 10:18 UTC (History)
0 users

Fixed In Version: traceroute 2.1.3
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2483 0 None None None 2024-04-30 10:58:28 UTC
Red Hat Product Errata RHSA-2024:3211 0 None None None 2024-05-22 10:18:24 UTC

Description ybuenos 2023-10-26 08:48:45 UTC 
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Comment 2 errata-xmlrpc 2024-04-30 10:58:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2483 https://access.redhat.com/errata/RHSA-2024:2483
Comment 3 errata-xmlrpc 2024-05-22 10:18:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3211 https://access.redhat.com/errata/RHSA-2024:3211
Note You need to log in before you can comment on or make changes to this bug.