Lucene search
GoogleOSV:GHSA-28XP-G7F6-7MHFHistoryMay 14, 2022 - 3:49 a.m.
Syncthing vulnerable to symlink traversal and arbitrary file overwrite
2022-05-1403:49:59
Google
osv.dev
5
syncthing
symlink traversal
arbitrary file overwrite
version 0.14.33
software security
Syncthing version 0.14.33 and older erronously versions symlinks when they are deleted. If a directory is then created with the same name, a file created in that directory, and the file deleted, it is moved into the symlink target. This can lead to symlink traversal resulting in arbitrary file overwrite.
Related
nvd
nvd
CVE-2017-1000420
2018-01-02 19:29:00
osv
osv
CVE-2017-1000420
2018-01-02 19:29:00
nessus
nessus
openSUSE Security Update : syncthing (openSUSE-2018-45)
2018-01-16 00:00:00
prion
prion
Design/Logic Flaw
2018-01-02 19:29:00
ubuntucve
ubuntucve
CVE-2017-1000420
2018-01-02 00:00:00
debiancve
debiancve
CVE-2017-1000420
2018-01-02 19:29:00
cvelist
cvelist
CVE-2017-1000420
2018-01-02 19:00:00
github
github
Syncthing vulnerable to symlink traversal and arbitrary file overwrite
2022-05-14 03:49:59
cve
cve
CVE-2017-1000420
2018-01-02 19:29:00