5
CVE-2013-4668
- EPSS 4.31%
- Veröffentlicht 18.07.2013 16:51:40
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
File Roller Project ≫ File Roller SwPlatformgnome Version >= 3.6.0 < 3.6.4
File Roller Project ≫ File Roller SwPlatformgnome Version >= 3.8.0 < 3.8.3
File Roller Project ≫ File Roller SwPlatformgnome Version >= 3.9.1 < 3.9.3
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.31% | 0.899 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
http://secunia.com/advisories/54351
http://www.ocert.org/advisories/ocert-2013-001.html
http://www.securityfocus.com/bid/61008
http://www.ubuntu.com/usn/USN-1906-1
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631