CVE-2011-4675

EPSS 1.34%
Published 05.12.2011 11:55:07
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Widelands ≫ Widelands Version- Updatebuild1

Widelands ≫ Widelands Version- Updatebuild10

Widelands ≫ Widelands Version- Updatebuild10_release_candidate

Widelands ≫ Widelands Version- Updatebuild11

Widelands ≫ Widelands Version- Updatebuild11_release_candidate

Widelands ≫ Widelands Version- Updatebuild12

Widelands ≫ Widelands Version- Updatebuild12_release_candidate

Widelands ≫ Widelands Version- Updatebuild13

Widelands ≫ Widelands Version- Updatebuild13_release_candidate

Widelands ≫ Widelands Version- Updatebuild13_release_candidate2

Widelands ≫ Widelands Version- Updatebuild14

Widelands ≫ Widelands Version- Updatebuild14_release_candidate

Widelands ≫ Widelands Version- Updatebuild2

Widelands ≫ Widelands Version- Updatebuild3

Widelands ≫ Widelands Version- Updatebuild4

Widelands ≫ Widelands Version- Updatebuild5

Widelands ≫ Widelands Version- Updatebuild6

Widelands ≫ Widelands Version- Updatebuild7

Widelands ≫ Widelands Version- Updatebuild8

Widelands ≫ Widelands Version- Updatebuild9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.34%	0.791

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021

Patch

Third Party Advisory

Release Notes

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/71626

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2011-4675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4675

EUVD