Lucene search

DebianCVELIST:CVE-2015-0557

HistoryApr 08, 2015 - 6:00 p.m.

CVE-2015-0557

2015-04-0818:00:00

debian

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.7%

JSON

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html

www.debian.org/security/2015/dsa-3213

www.mandriva.com/security/advisories?name=MDVSA-2015:201

www.openwall.com/lists/oss-security/2015/01/03/5

www.openwall.com/lists/oss-security/2015/01/05/9

www.securityfocus.com/bid/71895

bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435

security.gentoo.org/glsa/201612-15