CVE-2015-0557
N/A
N/A
Summary
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:201
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html
- http://www.openwall.com/lists/oss-security/2015/01/05/9
- https://security.gentoo.org/glsa/201612-15
- http://www.openwall.com/lists/oss-security/2015/01/03/5
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html
- http://www.debian.org/security/2015/dsa-3213
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html
- http://www.securityfocus.com/bid/71895
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:201
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html
- http://www.openwall.com/lists/oss-security/2015/01/05/9
- https://security.gentoo.org/glsa/201612-15
- http://www.openwall.com/lists/oss-security/2015/01/03/5
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html
- http://www.debian.org/security/2015/dsa-3213
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html
- http://www.securityfocus.com/bid/71895
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.