Lucene search

PRIOn knowledge basePRION:CVE-2015-2060

HistoryNov 29, 2019 - 9:15 p.m.

Directory traversal

2019-11-2921:15:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

CPENameOperatorVersion
cabextractlt1.6

CPE	Name	Operator	Version
	cabextract	lt	1.6

References

www.cabextract.org.uk/

www.mandriva.com/security/advisories?name=MDVSA-2015:064

www.openwall.com/lists/oss-security/2015/02/18/3

www.openwall.com/lists/oss-security/2015/02/23/16

www.openwall.com/lists/oss-security/2015/02/23/24

lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html