PT-2018-5724 · Build+1 · Build+1

Published 2017-12-08 · Updated 2019-10-09

CVE-2017-14804

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: build package versions prior to 20171128
Description: The issue allows untrusted builds to write outside of the target system, enabling escape out of buildroots, due to a lack of directory name checks during the extraction of build results.
Recommendations: For versions prior to 20171128, update to a version that includes the fix for this issue to prevent untrusted builds from writing outside the target system.

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-14804
OPENSUSE-SU-2017_3259-1
OPENSUSE-SU-2019:0232-1
OPENSUSE-SU-2019_0232-1
OPENSUSE-SU-2024:10665-1
SUSE-SU-2017:3253-1
SUSE-SU-2018:0065-1
SUSE-SU-2019:0387-1
SUSE-SU-2019_0387-1

Affected Products

Suse
Build