CVE-2011-4675

EPSS 1.34%
Veröffentlicht 05.12.2011 11:55:07
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Widelands ≫ Widelands Version- Updatebuild1

Widelands ≫ Widelands Version- Updatebuild10

Widelands ≫ Widelands Version- Updatebuild10_release_candidate

Widelands ≫ Widelands Version- Updatebuild11

Widelands ≫ Widelands Version- Updatebuild11_release_candidate

Widelands ≫ Widelands Version- Updatebuild12

Widelands ≫ Widelands Version- Updatebuild12_release_candidate

Widelands ≫ Widelands Version- Updatebuild13

Widelands ≫ Widelands Version- Updatebuild13_release_candidate

Widelands ≫ Widelands Version- Updatebuild13_release_candidate2

Widelands ≫ Widelands Version- Updatebuild14

Widelands ≫ Widelands Version- Updatebuild14_release_candidate

Widelands ≫ Widelands Version- Updatebuild2

Widelands ≫ Widelands Version- Updatebuild3

Widelands ≫ Widelands Version- Updatebuild4

Widelands ≫ Widelands Version- Updatebuild5

Widelands ≫ Widelands Version- Updatebuild6

Widelands ≫ Widelands Version- Updatebuild7

Widelands ≫ Widelands Version- Updatebuild8

Widelands ≫ Widelands Version- Updatebuild9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.34%	0.791

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021

Patch

Third Party Advisory

Release Notes

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/71626

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2011-4675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4675

EUVD