CVE-2022-26305
Execution of Untrusted Macros Due to Improper Certificate Validation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
Una vulnerabilidad de Comprobación Inapropiada de Certificados en LibreOffice en la que la determinación de si una macro estaba firmada por un autor confiable al comparar únicamente el número de serie y la cadena del emisor del certificado usado con los de un certificado confiable. Esto no es suficiente para verificar que la macro fue realmente firmada con el certificado. Por lo tanto, un adversario podría crear un certificado arbitrario con un número de serie y una cadena de emisor idénticos a los de un certificado confiable, que LibreOffice presentaría como pertenecientes al autor confiable, lo que podría conllevar que el usuario ejecutara código arbitrario contenido en macros no debidamente confiables. Este problema afecta a: The Document Foundation LibreOffice versiones 7.2 anteriores a 7.2.7; versiones 7.3 anteriores a 7.3.1
An Improper Certificate Validation vulnerability was found in LibreOffice, where determining if a trusted author signed a macro was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. This flaw allows an adversary to create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user executing arbitrary code contained in the improperly trusted macros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-28 CVE Reserved
- 2022-07-25 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305 | 2023-03-26 | |
| https://access.redhat.com/security/cve/CVE-2022-26305 | 2023-01-23 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2118611 | 2023-01-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | >= 7.2.0 < 7.2.7 Search vendor "Libreoffice" for product "Libreoffice" and version " >= 7.2.0 < 7.2.7" | - |
Affected
| ||||||
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | >= 7.3.0 < 7.3.2 Search vendor "Libreoffice" for product "Libreoffice" and version " >= 7.3.0 < 7.3.2" | - |
Affected
| ||||||