{"id":"UBUNTU-CVE-2023-54342","details":"Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.","modified":"2026-05-20T16:08:22.769155647Z","published":"2026-05-05T12:16:00Z","upstream":["CVE-2023-54342"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-54342"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-54342"}],"affected":[{"package":{"name":"eclipse-equinox","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/eclipse-equinox?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.26-4","4.26-4build1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.800+eclipse4.26-4build1","binary_name":"libeclipse-osgi-compatibility-state-java"},{"binary_version":"3.18.200+eclipse4.26-4build1","binary_name":"libeclipse-osgi-java"},{"binary_version":"3.11.100+eclipse4.26-4build1","binary_name":"libeclipse-osgi-services-java"},{"binary_version":"1.6.200+eclipse4.26-4build1","binary_name":"libequinox-app-java"},{"binary_version":"1.4.200+eclipse4.26-4build1","binary_name":"libequinox-bidi-java"},{"binary_version":"1.5.100+eclipse4.26-4build1","binary_name":"libequinox-cm-java"},{"binary_version":"3.17.0+eclipse4.26-4build1","binary_name":"libequinox-common-java"},{"binary_version":"1.2.100+eclipse4.26-4build1","binary_name":"libequinox-concurrent-java"},{"binary_version":"1.4.500+eclipse4.26-4build1","binary_name":"libequinox-console-java"},{"binary_version":"1.5.100+eclipse4.26-4build1","binary_name":"libequinox-coordinator-java"},{"binary_version":"1.1.300+eclipse4.26-4build1","binary_name":"libequinox-device-java"},{"binary_version":"1.6.100+eclipse4.26-4build1","binary_name":"libequinox-event-java"},{"binary_version":"3.8.1900+eclipse4.26-4build1","binary_name":"libequinox-executable-jni"},{"binary_version":"3.8.200+eclipse4.26-4build1","binary_name":"libequinox-http-jetty-java"},{"binary_version":"1.3.200+eclipse4.26-4build1","binary_name":"libequinox-http-registry-java"},{"binary_version":"1.7.400+eclipse4.26-4build1","binary_name":"libequinox-http-servlet-java"},{"binary_version":"1.2.200+eclipse4.26-4build1","binary_name":"libequinox-http-servletbridge-java"},{"binary_version":"1.1.700+eclipse4.26-4build1","binary_name":"libequinox-jsp-jasper-java"},{"binary_version":"1.2.100+eclipse4.26-4build1","binary_name":"libequinox-jsp-jasper-registry-java"},{"binary_version":"1.6.400+eclipse4.26-4build1","binary_name":"libequinox-launcher-java"},{"binary_version":"1.6.200+eclipse4.26-4build1","binary_name":"libequinox-metatype-java"},{"binary_version":"3.10.100+eclipse4.26-4build1","binary_name":"libequinox-preferences-java"},{"binary_version":"1.5.300+eclipse4.26-4build1","binary_name":"libequinox-region-java"},{"binary_version":"3.11.200+eclipse4.26-4build1","binary_name":"libequinox-registry-java"},{"binary_version":"1.3.1000+eclipse4.26-4build1","binary_name":"libequinox-security-java"},{"binary_version":"1.3.400+eclipse4.26-4build1","binary_name":"libequinox-security-ui-java"},{"binary_version":"1.6.200+eclipse4.26-4build1","binary_name":"libequinox-servletbridge-java"},{"binary_version":"1.3.200+eclipse4.26-4build1","binary_name":"libequinox-transforms-hook-java"},{"binary_version":"1.2.200+eclipse4.26-4build1","binary_name":"libequinox-transforms-xslt-java"},{"binary_version":"1.2.300+eclipse4.26-4build1","binary_name":"libequinox-useradmin-java"},{"binary_version":"1.2.200+eclipse4.26-4build1","binary_name":"libequinox-weaving-caching-java"},{"binary_version":"1.3.200+eclipse4.26-4build1","binary_name":"libequinox-weaving-hook-java"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-54342.json"}},{"package":{"name":"eclipse-equinox","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/eclipse-equinox?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.29-1","4.29-2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.800+eclipse4.29-2","binary_name":"libeclipse-osgi-compatibility-state-java"},{"binary_version":"3.18.500+eclipse4.29-2","binary_name":"libeclipse-osgi-java"},{"binary_version":"3.11.100+eclipse4.29-2","binary_name":"libeclipse-osgi-services-java"},{"binary_version":"1.6.300+eclipse4.29-2","binary_name":"libequinox-app-java"},{"binary_version":"1.4.300+eclipse4.29-2","binary_name":"libequinox-bidi-java"},{"binary_version":"1.5.200+eclipse4.29-2","binary_name":"libequinox-cm-java"},{"binary_version":"3.18.100+eclipse4.29-2","binary_name":"libequinox-common-java"},{"binary_version":"1.2.100+eclipse4.29-2","binary_name":"libequinox-concurrent-java"},{"binary_version":"1.4.500+eclipse4.29-2","binary_name":"libequinox-console-java"},{"binary_version":"1.5.200+eclipse4.29-2","binary_name":"libequinox-coordinator-java"},{"binary_version":"1.1.400+eclipse4.29-2","binary_name":"libequinox-device-java"},{"binary_version":"1.6.200+eclipse4.29-2","binary_name":"libequinox-event-java"},{"binary_version":"3.8.2200+eclipse4.29-2","binary_name":"libequinox-executable-jni"},{"binary_version":"3.8.300+eclipse4.29-2","binary_name":"libequinox-http-jetty-java"},{"binary_version":"1.3.300+eclipse4.29-2","binary_name":"libequinox-http-registry-java"},{"binary_version":"1.7.400+eclipse4.29-2","binary_name":"libequinox-http-servlet-java"},{"binary_version":"1.2.200+eclipse4.29-2","binary_name":"libequinox-http-servletbridge-java"},{"binary_version":"1.1.700+eclipse4.29-2","binary_name":"libequinox-jsp-jasper-java"},{"binary_version":"1.2.100+eclipse4.29-2","binary_name":"libequinox-jsp-jasper-registry-java"},{"binary_version":"1.6.500+eclipse4.29-2","binary_name":"libequinox-launcher-java"},{"binary_version":"1.6.300+eclipse4.29-2","binary_name":"libequinox-metatype-java"},{"binary_version":"3.10.300+eclipse4.29-2","binary_name":"libequinox-preferences-java"},{"binary_version":"1.5.300+eclipse4.29-2","binary_name":"libequinox-region-java"},{"binary_version":"3.11.300+eclipse4.29-2","binary_name":"libequinox-registry-java"},{"binary_version":"1.4.0+eclipse4.29-2","binary_name":"libequinox-security-java"},{"binary_version":"1.4.0+eclipse4.29-2","binary_name":"libequinox-security-ui-java"},{"binary_version":"1.6.300+eclipse4.29-2","binary_name":"libequinox-servletbridge-java"},{"binary_version":"1.3.300+eclipse4.29-2","binary_name":"libequinox-transforms-hook-java"},{"binary_version":"1.2.300+eclipse4.29-2","binary_name":"libequinox-transforms-xslt-java"},{"binary_version":"1.2.400+eclipse4.29-2","binary_name":"libequinox-useradmin-java"},{"binary_version":"1.2.300+eclipse4.29-2","binary_name":"libequinox-weaving-caching-java"},{"binary_version":"1.3.200+eclipse4.29-2","binary_name":"libequinox-weaving-hook-java"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-54342.json"}},{"package":{"name":"eclipse-equinox","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/eclipse-equinox?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.29-2","4.29-2build1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.800+eclipse4.29-2build1","binary_name":"libeclipse-osgi-compatibility-state-java"},{"binary_version":"3.18.500+eclipse4.29-2build1","binary_name":"libeclipse-osgi-java"},{"binary_version":"3.11.100+eclipse4.29-2build1","binary_name":"libeclipse-osgi-services-java"},{"binary_version":"1.6.300+eclipse4.29-2build1","binary_name":"libequinox-app-java"},{"binary_version":"1.4.300+eclipse4.29-2build1","binary_name":"libequinox-bidi-java"},{"binary_version":"1.5.200+eclipse4.29-2build1","binary_name":"libequinox-cm-java"},{"binary_version":"3.18.100+eclipse4.29-2build1","binary_name":"libequinox-common-java"},{"binary_version":"1.2.100+eclipse4.29-2build1","binary_name":"libequinox-concurrent-java"},{"binary_version":"1.4.500+eclipse4.29-2build1","binary_name":"libequinox-console-java"},{"binary_version":"1.5.200+eclipse4.29-2build1","binary_name":"libequinox-coordinator-java"},{"binary_version":"1.1.400+eclipse4.29-2build1","binary_name":"libequinox-device-java"},{"binary_version":"1.6.200+eclipse4.29-2build1","binary_name":"libequinox-event-java"},{"binary_version":"3.8.2200+eclipse4.29-2build1","binary_name":"libequinox-executable-jni"},{"binary_version":"3.8.300+eclipse4.29-2build1","binary_name":"libequinox-http-jetty-java"},{"binary_version":"1.3.300+eclipse4.29-2build1","binary_name":"libequinox-http-registry-java"},{"binary_version":"1.7.400+eclipse4.29-2build1","binary_name":"libequinox-http-servlet-java"},{"binary_version":"1.2.200+eclipse4.29-2build1","binary_name":"libequinox-http-servletbridge-java"},{"binary_version":"1.1.700+eclipse4.29-2build1","binary_name":"libequinox-jsp-jasper-java"},{"binary_version":"1.2.100+eclipse4.29-2build1","binary_name":"libequinox-jsp-jasper-registry-java"},{"binary_version":"1.6.500+eclipse4.29-2build1","binary_name":"libequinox-launcher-java"},{"binary_version":"1.6.300+eclipse4.29-2build1","binary_name":"libequinox-metatype-java"},{"binary_version":"3.10.300+eclipse4.29-2build1","binary_name":"libequinox-preferences-java"},{"binary_version":"1.5.300+eclipse4.29-2build1","binary_name":"libequinox-region-java"},{"binary_version":"3.11.300+eclipse4.29-2build1","binary_name":"libequinox-registry-java"},{"binary_version":"1.4.0+eclipse4.29-2build1","binary_name":"libequinox-security-java"},{"binary_version":"1.4.0+eclipse4.29-2build1","binary_name":"libequinox-security-ui-java"},{"binary_version":"1.6.300+eclipse4.29-2build1","binary_name":"libequinox-servletbridge-java"},{"binary_version":"1.3.300+eclipse4.29-2build1","binary_name":"libequinox-transforms-hook-java"},{"binary_version":"1.2.300+eclipse4.29-2build1","binary_name":"libequinox-transforms-xslt-java"},{"binary_version":"1.2.400+eclipse4.29-2build1","binary_name":"libequinox-useradmin-java"},{"binary_version":"1.2.300+eclipse4.29-2build1","binary_name":"libequinox-weaving-caching-java"},{"binary_version":"1.3.200+eclipse4.29-2build1","binary_name":"libequinox-weaving-hook-java"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-54342.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}