Lucene search

K

[email protected]NVD:CVE-2013-5648

HistoryAug 29, 2013 - 12:07 p.m.

CVE-2013-5648

2013-08-2912:07:56

CWE-22

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.

Affected configurations

NVD

Node

idid-softwareMatch3.7

OR

idid-softwareMatch3.7.1

OR

idlibdigidocMatch3.6.0.0

References

svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup

www.id.ee/?lang=en&id=34283#3_7_2

bugs.mageia.org/show_bug.cgi?id=11100

bugzilla.redhat.com/show_bug.cgi?id=1002299

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

Related for NVD:CVE-2013-5648

fedora1 prion1 debiancve1 nessus2 cve1 securityvulns2 cvelist1 ubuntucve1 mageia1 openvas1