CVE-2011-4675
N/A
N/A
Summary
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71626
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
References
- http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71626
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.