Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0359Path Traversal in Builds Diffoscope

CWE-22Path Traversal9 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 31.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Reproducible Builds DiffoscopeDebian DiffoscopeDebian Linux
Timeline
PublishedApr 13
Latest updateJul 13

Description

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5debian/diffoscopebefore 77

Also affects: Debian Linux 9.0

Patches

Patch: bugs.debian.orgPatch: bugs.debian.org

🔴Vulnerability Details

4
OSV
Diffoscope may write to arbitrary locations due to an untrusted archive2018-07-13
GHSA
Diffoscope may write to arbitrary locations due to an untrusted archive2018-07-13
CVEList
diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive2018-04-13
OSV
CVE-2017-0359: diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive2018-04-13

💥Exploits & PoCs

1
Exploit-DB
ntfs-3g (Debian 9) - Local Privilege Escalation2017-02-03

📋Vendor Advisories

1
Debian
CVE-2017-0359: diffoscope - diffoscope before 77 writes to arbitrary locations on disk based on the contents...2017

💬Community

2
Bugzilla
CVE-2017-0359 diffoscope: writes to arbitrary locations on disk based on the contents of an untrusted archive2017-02-13
Bugzilla
CVE-2017-0359 diffoscope: writes to arbitrary locations on disk based on the contents of an untrusted archive [fedora-all]2017-02-13
CVE-2017-0359 — Path Traversal in Builds Diffoscope | cvebase