PT-2015-5153 · None+2 · Pigz+2

Alexander Cherepanov

Published

2015-01-21

Updated

2016-12-03

CVE-2015-1191

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions pigz version 2.3.1

Description The issue allows remote attackers to write to arbitrary files via a full pathname or .. (dot dot) in an archive, potentially leading to unauthorized file access or modification.

Recommendations For pigz version 2.3.1, update to a newer version that contains a fix for this issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2016-2059

CVE-2015-1191

MGASA-2016-0104

SUSE-SU-2015:0670-1

SUSE-SU-2015:0716-1

SUSE-SU-2015_0670-1

Affected Products

Alt Linux

Suse

Pigz

PT-2015-5153 · None+2 · Pigz+2

CVE-2015-1191

Weakness Enumeration

Related Identifiers

Affected Products

References · 26