Описание
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| karchive | fixed | 5.24.0-1 | package | |
| kde4libs | fixed | 4:4.14.22-2 | package |
Примечания
The fix for 4:4.14.22-1 was incomplete, cf.
https://lists.debian.org/debian-lts/2016/07/msg00144.html
Fix: https://git.reviewboard.kde.org/r/128185/
EPSS
Связанные уязвимости
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
EPSS