Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.0.10-1ubuntu0.18.04.1 |
| cosmic | ignored | end of life |
| devel | released | 1.0.12-1 |
| disco | released | 1.0.10-1ubuntu0.19.04.2 |
| eoan | released | 1.0.12-1 |
| esm-apps/bionic | released | 1.0.10-1ubuntu0.18.04.1 |
| esm-apps/focal | released | 1.0.12-1 |
| esm-apps/jammy | released | 1.0.12-1 |
| esm-apps/xenial | released | 0.1.24-1ubuntu0.16.04.1~esm1 |
| esm-infra-legacy/trusty | released | 0.1.24-1ubuntu0.14.04.1~esm1 |
Показывать по
EPSS
6.4 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...
EPSS
6.4 Medium
CVSS2
7.5 High
CVSS3