CVE-2023-32668

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-32668
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32668.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-32668
Related
Published
2023-05-11T06:15:10Z
Modified
2024-12-10T05:48:25.103063Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

References

Affected packages

Debian:11 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/debian/texlive-bin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2020.20200327.54578-7+deb11u2

Affected versions

2020.*

2020.20200327.54578-7
2020.20200327.54578-7+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/debian/texlive-bin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2022.20220321.62855-5.1+deb12u1

Affected versions

2022.*

2022.20220321.62855-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/debian/texlive-bin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2022.20220321.62855-6

Affected versions

2022.*

2022.20220321.62855-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.lisn.upsaclay.fr/texlive/luatex

Affected ranges

Type
GIT
Repo
https://gitlab.lisn.upsaclay.fr/texlive/luatex
Events
Introduced
a5a9af5435b7194246a0634528c964f57a6af605
Fixed
b011b313e03b17513a896cd371de3fc664153855