CVE-2017-13709 — Improper Input Validation in Flightgear

CWE-20 — Improper Input Validation6 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 66.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flightgear Debian Flightgear

Timeline

PublishedAug 27

Latest updateMay 17

Description

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/flightgear< flightgear 1:2017.2.1+dfsg-4 (bookworm)

▶Debianflightgear/flightgear< 1:2017.2.1+dfsg-4+3

▶NVDflightgear/flightgear2017.2.1

🔴Vulnerability Details

GHSA

GHSA-v6cf-m8q2-vx93: In FlightGear before version 2017↗2022-05-17

▶

OSV

CVE-2017-13709: In FlightGear before version 2017↗2017-08-27

▶

📋Vendor Advisories

Debian

CVE-2017-13709: flightgear - In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem...↗2017

▶

💬Community

Bugzilla

CVE-2017-13709 flightgear: Arbitrary file overwrite via resource affecting global Property Tree [fedora-all]↗2017-08-28

▶

Bugzilla

CVE-2017-13709 flightgear: Arbitrary file overwrite via resource affecting global Property Tree↗2017-08-28

▶