CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, © /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | apertium | < 3.0.7+1-1.1 | apertium_3.0.7+1-1.1_all.deb |
Debian | 11 | all | apertium | < 3.0.7+1-1.1 | apertium_3.0.7+1-1.1_all.deb |
Debian | 999 | all | apertium | < 3.0.7+1-1.1 | apertium_3.0.7+1-1.1_all.deb |
Debian | 13 | all | apertium | < 3.0.7+1-1.1 | apertium_3.0.7+1-1.1_all.deb |