CVE-2017-5330 — OS Command Injection in ARK

CWE-78 — OS Command Injection8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 33.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE ARK Fedoraproject Fedora

Timeline

PublishedMar 27

Latest updateMay 17

Description

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiankde/ark< 4:16.08.3-2+3

▶NVDkde/ark16.12

Also affects: Fedora 25

Patches

Patch: www.openwall.com ↗Patch: bugs.kde.org ↗Patch: cgit.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-fvqq-96pq-qq6m: ark before 16↗2022-05-17

▶

CVEList

CVE-2017-5330: ark before 16↗2017-03-27

▶

OSV

CVE-2017-5330: ark before 16↗2017-03-27

▶

📋Vendor Advisories

Red Hat

ark: Unintended execution of scripts and executable files↗2017-01-10

▶

Debian

CVE-2017-5330: ark - ark before 16.12.1 might allow remote attackers to execute arbitrary code via an...↗2017

▶

💬Community

Bugzilla

CVE-2017-5330 ark: Unintended execution of scripts and executable files↗2017-01-10

▶

Bugzilla

CVE-2017-5330 ark: Unintended execution of scripts and executable files [fedora-all]↗2017-01-10

▶