PT-2011-5022 · Widelands · Widelands
Ansgar Burchardt
·
Published
2011-12-05
·
Updated
2021-06-25
·
CVE-2011-4675
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Widelands versions prior to 15.1
Description
The pathname canonicalization functionality in Widelands does not properly restrict the use of leading ~ (tilde) characters in strings received from the network, potentially allowing remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname used for a file transfer in an Internet game.
Recommendations
For versions prior to 15.1, update to version 15.1 or later to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Widelands