UBUNTU-CVE-2023-26266
- Source
- https://ubuntu.com/security/CVE-2023-26266
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-26266.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-26266
- Upstream
- Published
- 2023-02-21T04:15:00Z
- Modified
- 2025-07-14T06:46:15.221089Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- - medium
- Summary
- [none]
- Details
-
In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.
- References
-
- https://ubuntu.com/security/CVE-2023-26266
- https://github.com/AFLplusplus/AFLplusplus/pull/1643
- https://github.com/AFLplusplus/AFLplusplus/commit/f2be73186e2e16c3992f92b65ae9ba598d6fff2f
- https://github.com/AFLplusplus/AFLplusplus/commit/673a0a3866783bf28e31d14fbd7a9009c7816ec3
- https://www.cve.org/CVERecord?id=CVE-2023-26266
Affected packages
Ubuntu:Pro:20.04:LTS / aflplusplus
Package
- Name
- aflplusplus
- Purl
- pkg:deb/ubuntu/aflplusplus@2.60c-1build2?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / aflplusplus
Package
- Name
- aflplusplus
- Purl
- pkg:deb/ubuntu/aflplusplus@4.00c-1ubuntu1?arch=source&distro=jammy
Ubuntu:24.04:LTS / aflplusplus
Package
- Name
- aflplusplus
- Purl
- pkg:deb/ubuntu/aflplusplus@4.09c-1ubuntu3?arch=source&distro=noble