Arbitrary Code Execution Vulnerability in Malwarebytes EDR for Linux
CVE-2023-29145

7.8HIGH

Key Information:

Vendor: Malwarebytes
Status: Malwarebytes; Endpoint Detection And Response
Vendor: CVE Published:; 30 June 2023

🔔 Create Malwarebytes Vulnerability Alert

What is CVE-2023-29145?

The Malwarebytes EDR 1.0.11 for Linux contains a flaw that allows an attacker to execute arbitrary code due to improper handling of executable libraries. By manipulating the environment variables such as LD_LIBRARY_PATH or LD_PRELOAD, or by utilizing a debugger to run an executable file, an unauthorized user can exploit this vulnerability. This could lead to serious security breaches, allowing malicious activities on the affected systems.

References

https://malwarebytes.com

https://www.malwarebytes.com/secure/cves/cve-2023-29145

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2023
Vulnerability Reserved
Mar 31, 2023

CVE-2023-29145 Data

JSON