Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
References
Configurations
History
21 Nov 2024, 02:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html - | |
References | () http://www.debian.org/security/2015/dsa-3213 - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:201 - | |
References | () http://www.openwall.com/lists/oss-security/2015/01/03/5 - | |
References | () http://www.openwall.com/lists/oss-security/2015/01/05/9 - | |
References | () http://www.securityfocus.com/bid/71895 - | |
References | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435 - Exploit | |
References | () https://security.gentoo.org/glsa/201612-15 - |
Information
Published : 2015-04-08 18:59
Updated : 2024-11-21 02:23
NVD link : CVE-2015-0557
Mitre link : CVE-2015-0557
CVE.ORG link : CVE-2015-0557
JSON object : View
Products Affected
arj_software
- arj_archiver
fedoraproject
- fedora
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')