Lucene search

FreeBSDCFB12F02-06E1-11E5-8FDA-002590263BF5

HistoryFeb 18, 2015 - 12:00 a.m.

cabextract -- directory traversal with UTF-8 symbols in filenames

2015-02-1800:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Cabextract ChangeLog reports:

It was possible for cabinet files to extract to absolute file
locations, and it was possible on Cygwin to get around cabextract’s
absolute and relative path protections by using backslashes.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchcabextract< 1.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	cabextract	< 1.6	UNKNOWN

References

www.cabextract.org.uk/#changes

www.openwall.com/lists/oss-security/2015/02/18/3

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CFB12F02-06E1-11E5-8FDA-002590263BF5