We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-37378



Description

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

Reserved 2023-07-03 | Published 2023-07-03 | Updated 2024-09-05 | Assigner mitre

References

sf.net/p/nsis/bugs/1296

nsis.sourceforge.io/Docs/AppendixF.html

sourceforge.net/p/nsis/news/2023/07/nsis-309-released/

github.com/...ommit/281e2851fe669d10e0650fc89d0e7fb74a598967

github.com/...ommit/409b5841479c44fbf33a6ba97c1146e46f965467

github.com/...ommit/c40cf78994e74a1a3a381a850c996b251e3277c0

lists.debian.org/debian-lts-announce/2023/07/msg00005.html ([debian-lts-announce] 20230707 [SECURITY] [DLA 3483-1] nsis security update) mailing-list

lists.fedoraproject.org/...OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/ (FEDORA-2023-dfb6cc599f) vendor-advisory

lists.fedoraproject.org/...A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/ (FEDORA-2023-b9ec99605f) vendor-advisory

cve.org (CVE-2023-37378)

nvd.nist.gov (CVE-2023-37378)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-37378

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.