CVE-2017-14804

Summary

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

Affected Software

VendorProductVersion RangeStatus
SUSEbuildunspecified <= 20171128affected

Weaknesses

  • Insufficient pathname checking could use to bypass directory restrictions.
  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References