CVE-2014-9447
published 2015-01-02CVE-2014-9447: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to…
medium6.4CVSS 3.1
AVNACLAuNCNIPAP
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | elfutils | < elfutils 0.159-4.1 (bookworm) | elfutils 0.159-4.1 (bookworm) |
| elfutils_project | elfutils | — | — |
| elfutils_project | elfutils | — | — |
| elfutils_project | elfutils | >= 0 < 0.159-4.1 | 0.159-4.1 |
| elfutils_project | elfutils | >= 0 < 0.159-4.1 | 0.159-4.1 |
| elfutils_project | elfutils | >= 0 < 0.159-4.1 | 0.159-4.1 |
| elfutils_project | elfutils | >= 0 < 0.159-4.1 | 0.159-4.1 |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv6.4MEDIUM