CVE-2023-50255
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| linuxdeepin | developer-center | < 5.12.21 | affected |
Weaknesses
- CWE-23: CWE-23: Relative Path Traversal
- CWE-26: CWE-26: Path Traversal: '/dir/../filename'
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2
- https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6
References
- https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2
- https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.