Debian · Diffoscope · CVE-2017-0359
Name of the Vulnerable Software and Affected Versions:
diffoscope versions prior to 77
Description:
The issue is related to a lack of necessary checks when analyzing archives, which can be exploited by a remote attacker to write data to arbitrary locations on disk using a specially crafted archive. This can potentially lead to unauthorized data modification.
Recommendations:
For versions prior to 77, update to version 77 or later to resolve the issue. As a temporary workaround, consider restricting the use of diffoscope when analyzing untrusted archives until a patch is applied. Avoid using diffoscope to analyze archives from untrusted sources to minimize the risk of exploitation.