PT-2017-3650 · Debian · Diffoscope

Ximin Luo · Published 2017-02-09 · Updated 2024-06-15 · CVE-2017-0359

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: diffoscope versions prior to 77
Description: The issue is related to a lack of necessary checks when analyzing archives, which can be exploited by a remote attacker to write data to arbitrary locations on disk using a specially crafted archive. This can potentially lead to unauthorized data modification.
Recommendations: Update to version 77 or later to resolve the issue. As a temporary workaround until the update is applied, avoid using diffoscope to analyze archives from untrusted sources.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2018-00770
CVE-2017-0359
GHSA-8P5C-F328-9FVV
OPENSUSE-SU-2024:10717-1
PYSEC-2018-83

Affected Products

Diffoscope