CVE-2017-9270

Summary

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.

Affected Software

VendorProductVersion RangeStatus
SUSEcryptctlunspecified < 2.0affected

Weaknesses

  • A directory traversal due to insufficient parameter checking could allow malicious servers to get a cryptctl client overwrite and corrupt files outside of the key storage directory.
  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References