Lucene search
GoogleOSV:DLA-188-1HistoryApr 08, 2015 - 12:00 a.m.
arj - security update
2015-04-0800:00:00
Google
osv.dev
5
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
88.5%
Multiple vulnerabilities have been discovered in arj, an open source
version of the arj archiver. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2015-0556
Jakub Wilk discovered that arj follows symlinks created during
unpacking of an arj archive. A remote attacker could use this flaw
to perform a directory traversal attack if a user or automated
system were tricked into processing a specially crafted arj archive. - CVE-2015-0557
Jakub Wilk discovered that arj does not sufficiently protect from
directory traversal while unpacking an arj archive containing file
paths with multiple leading slashes. A remote attacker could use
this flaw to write to arbitrary files if a user or automated system
were tricked into processing a specially crafted arj archive. - CVE-2015-2782
Jakub Wilk and Guillem Jover discovered a buffer overflow
vulnerability in arj. A remote attacker could use this flaw to cause
an application crash or, possibly, execute arbitrary code with the
privileges of the user running arj.
References
Related
debian
debian
[SECURITY] [DLA 188-1] arj security update
2015-04-08 16:15:28
[SECURITY] [DSA 3213-1] arj security update
2015-04-06 15:45:26
[SECURITY] [DSA 3213-1] arj security update
2015-04-06 15:45:07
openvas
openvas
Debian: Security Advisory (DLA-188-1)
2023-03-08 00:00:00
Fedora Update for arj FEDORA-2015-5546
2015-04-14 00:00:00
Mageia: Security Advisory (MGASA-2015-0150)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: arj-3.10.22-22.fc22
2015-04-21 18:34:17
[SECURITY] Fedora 21 Update: arj-3.10.22-22.fc21
2015-04-10 07:27:48
[SECURITY] Fedora 20 Update: arj-3.10.22-22.fc20
2015-04-13 07:01:02
nessus
nessus
Debian DSA-3213-1 : arj - security update
2015-04-07 00:00:00
Mandriva Linux Security Advisory : arj (MDVSA-2015:201)
2015-04-13 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3213-1] arj security update
2015-04-07 00:00:00
arj multiple security vulnerabilities
2015-04-07 00:00:00
osv
osv
arj - security update
2015-04-06 00:00:00
freebsd
freebsd
arj -- multiple vulnerabilities
2015-04-08 00:00:00
gentoo
gentoo
ARJ: Multiple vulnerabilities
2016-12-06 00:00:00
kaspersky
kaspersky
KLA10539 Multiple vulnerabilities in Open-source ARJ archiver
2015-04-08 00:00:00
mageia
mageia
Updated arj packages fix security vulnerabilities
2015-04-15 12:01:28
prion
prion
Path traversal
2015-04-08 18:59:00
Directory traversal
2015-04-08 18:59:00
Buffer overflow
2015-04-08 18:59:00
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
cvelist
cvelist
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
88.5%
Related for OSV:DLA-188-1