The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
References
| Link | Resource |
|---|---|
| https://malwarebytes.com | Product |
| https://www.malwarebytes.com/secure/cves/cve-2023-29145 | Vendor Advisory |
| https://malwarebytes.com | Product |
| https://www.malwarebytes.com/secure/cves/cve-2023-29145 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://malwarebytes.com - Product | |
| References | () https://www.malwarebytes.com/secure/cves/cve-2023-29145 - Vendor Advisory |
11 Jul 2023, 16:09
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:malwarebytes:endpoint_detection_and_response:*:*:*:*:*:linux:*:* cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:linux:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | NVD-CWE-Other | |
| References | (MISC) https://www.malwarebytes.com/secure/cves/cve-2023-29145 - Vendor Advisory | |
| References | (MISC) https://malwarebytes.com - Product | |
| First Time |
Malwarebytes
Malwarebytes malwarebytes Malwarebytes endpoint Detection And Response |
30 Jun 2023, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-30 20:15
Updated : 2024-11-21 07:56
NVD link : CVE-2023-29145
Mitre link : CVE-2023-29145
CVE.ORG link : CVE-2023-29145
JSON object : View
Products Affected
malwarebytes
- endpoint_detection_and_response
- malwarebytes
CWE