5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.028 Low
EPSS
Percentile
90.7%
LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol.
Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).
A remote attacker can craft a specific Gnutella GET request or use directory traversal on magnet requests to read arbitrary files on the system with the rights of the user running LimeWire.
There is no known workaround at this time.
All LimeWire users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-p2p/limewire | < 4.8.1 | UNKNOWN |