CVE-2004-0916 — Path Traversal in Project Cabextract

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.9%

top 16.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cabextract Project Cabextract

Timeline

PublishedJan 27

Latest updateApr 29

Description

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiancabextract_project/cabextract< 1.1-1+3

▶NVDcabextract_project/cabextract0.2, 0.6, 1.0+2

Patches

Patch: secunia.com ↗Patch: www.debian.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-3c6r-mr2w-qgv5: Directory traversal vulnerability in cabextract before 1↗2022-04-29

▶

OSV

CVE-2004-0916: Directory traversal vulnerability in cabextract before 1↗2005-01-27

▶

CVEList

CVE-2004-0916: Directory traversal vulnerability in cabextract before 1↗2004-11-19

▶

📋Vendor Advisories

Debian

CVE-2004-0916: cabextract - Directory traversal vulnerability in cabextract before 1.1 allows remote attacke...↗2004

▶