CVE-2015-0557

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

Configurations

Configuration 1

cpe:2.3:a:arj_software:arj_archiver:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

History

21 Nov 2024, 02:23

| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html - | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html - |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html - | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html - |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html - | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html - |
| References | () http://www.debian.org/security/2015/dsa-3213 - | () http://www.debian.org/security/2015/dsa-3213 - |
| References | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:201 - | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:201 - |
| References | () http://www.openwall.com/lists/oss-security/2015/01/03/5 - | () http://www.openwall.com/lists/oss-security/2015/01/03/5 - |
| References | () http://www.openwall.com/lists/oss-security/2015/01/05/9 - | () http://www.openwall.com/lists/oss-security/2015/01/05/9 - |
| References | () http://www.securityfocus.com/bid/71895 - | () http://www.securityfocus.com/bid/71895 - |
| References | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435 - Exploit | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435 - Exploit |
| References | () https://security.gentoo.org/glsa/201612-15 - | () https://security.gentoo.org/glsa/201612-15 - |

Information

Published : 2015-04-08 18:59

Updated : 2024-11-21 02:23


NVD link : CVE-2015-0557

Mitre link : CVE-2015-0557

CVE.ORG link : CVE-2015-0557



Products Affected

arj_software

  • arj_archiver

fedoraproject

  • fedora

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')