CVE-2015-1038

2015-01-2118:59:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2015-1038

p7zip

symlink attack

vulnerability

nvd

6.4 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq23
oracle:solarisoracle solariseq10.0
oracle:solarisoracle solariseq11.2
7-zip:p7zip7-zip p7zipeq9.20.1

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	23
oracle:solaris	oracle solaris	eq	10.0
oracle:solaris	oracle solaris	eq	11.2
7-zip:p7zip	7-zip p7zip	eq	9.20.1