CVE-2015-1038 — Link Following in P7zip

Severity

5.8MEDIUMNVD

EPSS

3.2%

top 13.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 21

Latest updateMay 17

Description

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

▶Debian7-zip/p7zip< 9.20.1~dfsg.1-4.2+2

▶NVD7-zip/p7zip9.20.1

▶NVDoracle/solaris10.0, 11.2+1

Also affects: Fedora 22, 23

GHSA

GHSA-f24r-hqqw-w96v: p7zip 9↗2022-05-17

▶

OSV

CVE-2015-1038: p7zip 9↗2015-01-21

▶

CVEList

CVE-2015-1038: p7zip 9↗2015-01-21

▶

Debian

CVE-2015-1038: p7zip - p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink a...↗2015

▶

Bugzilla

CVE-2015-1038 p7zip: directory traversal vulnerability↗2015-01-06

▶