Lucene search

[email protected]CVE-2013-5648

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-5648

2022-10-0316:14:56

CWE-22

[email protected]

web.nvd.nist.gov

cve

2013

5648

absolute path traversal

digidocsaxparser

libdigidoc

id-software

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.

Affected configurations

NVD

Node

idid-softwareMatch3.7

idid-softwareMatch3.7.1

idlibdigidocMatch3.6.0.0

CPENameOperatorVersion
id:id-softwareid id-softwareeq3.7
id:id-softwareid id-softwareeq3.7.1
id:libdigidocid libdigidoceq3.6.0.0

CPE	Name	Operator	Version
id:id-software	id id-software	eq	3.7
id:id-software	id id-software	eq	3.7.1
id:libdigidoc	id libdigidoc	eq	3.6.0.0

References

svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup

www.id.ee/?lang=en&id=34283#3_7_2

bugs.mageia.org/show_bug.cgi?id=11100

bugzilla.redhat.com/show_bug.cgi?id=1002299

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2013-5648

nessus2 nvd1 fedora1 prion1 debiancve1 ubuntucve1 mageia1 securityvulns2 openvas1 cvelist1