PT-2015-4716 · Arj+1 · Arj Archiver+1

Jakub Wilk

Published

2015-04-06

Updated

2022-11-13

CVE-2015-0556

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Open-source ARJ archiver version 3.10.22

Description The issue allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

Recommendations For version 3.10.22, consider avoiding the use of ARJ archives from untrusted sources until a patch is available. As a temporary workaround, restrict access to the ARJ archiver to minimize the risk of exploitation.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALT-PU-2022-2889

ALT-PU-2022-2941

ALT-PU-2022-3067

CVE-2015-0556

DLA-188-1

DSA-3213-1

MGASA-2015-0150

Affected Products

Alt Linux

Arj Archiver

PT-2015-4716 · Arj+1 · Arj Archiver+1

CVE-2015-0556

Weakness Enumeration

Related Identifiers

Affected Products

References · 30