Description
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
References
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
- Vendor Advisory
- Broken Link
- Exploit, Mailing List, Third Party Advisory
- Mailing List, Mitigation, Third Party Advisory
- Mailing List, Mitigation, Third Party Advisory
Vulnerable configurations
Simultaneously
EPSS
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
Related vulnerabilities