CVE-2008-5984 — DIA vulnerability

6 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 79.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

DIA Debian DIA

Timeline

PublishedJan 28

Latest updateMay 17

Description

Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/dia< dia 0.96.1-7.1 (bookworm)

▶Debiandia/dia< 0.96.1-7.1+3

▶NVDdia/dia0.96.1

🔴Vulnerability Details

GHSA

GHSA-7fpg-fmpq-xxg2: Untrusted search path vulnerability in the Python plugin in Dia 0↗2022-05-17

▶

OSV

CVE-2008-5984: Untrusted search path vulnerability in the Python plugin in Dia 0↗2009-01-28

▶

📋Vendor Advisories

Red Hat

dia: untrusted python modules search path↗2008-11-02

▶

Debian

CVE-2008-5984: dia - Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and poss...↗2008

▶

💬Community

Bugzilla

CVE-2008-5984 dia: untrusted python modules search path↗2009-01-26

▶