cbcvebase.
CVE-2015-1038
published 2015-01-21

CVE-2015-1038: p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

PriorityP339medium5.8CVSS 2.0
AVNACMAuNCNIPAP
EPSS
3.29%
86.9th percentile
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Affected

9 ranges
VendorProductVersion rangeFixed in
7-zipp7zip
7-zipp7zip>= 0 < 9.20.1~dfsg.1-4.29.20.1~dfsg.1-4.2
7-zipp7zip>= 0 < 9.20.1~dfsg.1-4.29.20.1~dfsg.1-4.2
7-zipp7zip>= 0 < 9.20.1~dfsg.1-4.29.20.1~dfsg.1-4.2
debianp7zip< p7zip 9.20.1~dfsg.1-4.2 (bookworm)p7zip 9.20.1~dfsg.1-4.2 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
oraclesolaris
oraclesolaris

CVSS provenance

nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:P
osv5.8MEDIUM
vendor_debian5.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.