CVE-2017-9270

Опубликовано: 01 мар. 2018

Источник: nvd

CVSS3: 8.7

CVSS3: 9.1

CVSS2: 8.5

EPSS Низкий

Описание

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1041963
https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00022.html
https://www.suse.com/de-de/security/cve/CVE-2017-9270/
https://bugzilla.suse.com/show_bug.cgi?id=1041963
https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00022.html
https://www.suse.com/de-de/security/cve/CVE-2017-9270/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opensuse:cryptctl:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00495

Низкий

8.7 High

CVSS3

9.1 Critical

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22

CWE-20

Связанные уязвимости

SUSE-SU-2017:1865-1

suse-cvrf

больше 8 лет назад

Security update for cryptctl

GHSA-whc2-8cpp-f5cp

CVSS3: 9.1

github

больше 3 лет назад

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.

EPSS

Процентиль: 65%

0.00495

Низкий

8.7 High

CVSS3

9.1 Critical

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22

CWE-20