PT-2011-5022 · Widelands · Widelands
Ansgar Burchardt
·
Publicado
2011-12-05
·
Atualizado
2021-06-25
·
CVE-2011-4675
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Widelands versions prior to 15.1
Description
The pathname canonicalization functionality in Widelands does not properly restrict the use of leading ~ (tilde) characters in strings received from the network, potentially allowing remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname used for a file transfer in an Internet game.
Recommendations
For versions prior to 15.1, update to version 15.1 or later to resolve the issue.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Widelands