PT-2024-16238 · Unknown+1 · Safearchive+1

Jan Harrie · Published 2024-11-04 · Updated 2025-07-23 · CVE-2024-10389

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Safearchive versions prior to commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc

Description

Safearchive is affected by a path traversal vulnerability on platforms with case-insensitive filesystems, such as NTFS. It allows an attacker to write arbitrary files through the extraction of an archive that contains symbolic links.

Recommendations

For versions prior to commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc, upgrade past this commit to resolve the issue. As a temporary workaround, consider restricting the extraction of archives that contain symbolic links until a patch is available.
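One way to apply the workaround before extraction, as an added example (it is not Safearchive's code and not the fix in the commit above). It assumes the archive is a tar file and treats any entry whose parent path matches a link's name only by letter case as suspicious; `auditTar`, `sampleTar` and the entry names are constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// auditTar (hypothetical helper) lists link entries and paths that reach a link name only by letter case.
func auditTar(r io.Reader) ([]string, error) {
	var findings, names []string
	links := map[string]string{} // lower-cased link path -> stored name; ToLower approximates NTFS folding
	tr := tar.NewReader(r)
	for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		name := path.Clean(h.Name)
		names = append(names, name)
		if h.Typeflag == tar.TypeSymlink || h.Typeflag == tar.TypeLink {
			links[strings.ToLower(name)] = name
			findings = append(findings, fmt.Sprintf("link: %s -> %s", name, h.Linkname))
		}
	}
	for _, name := range names {
		for dir := path.Dir(name); dir != "." && dir != "/"; dir = path.Dir(dir) {
			if l, ok := links[strings.ToLower(dir)]; ok && l != dir {
				findings = append(findings, fmt.Sprintf("case collision: %s passes through link %s", name, l))
			}
		}
	}
	return findings, nil
}

func sampleTar() []byte { // constructed three-entry archive, built in memory
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "docs/readme.txt", Typeflag: tar.TypeReg, Mode: 0644})
	tw.WriteHeader(&tar.Header{Name: "Cache", Typeflag: tar.TypeSymlink, Linkname: "elsewhere", Mode: 0777})
	tw.WriteHeader(&tar.Header{Name: "cache/data.bin", Typeflag: tar.TypeReg, Mode: 0644})
	tw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(auditTar(bytes.NewReader(sampleTar())))
}
```

An archive that yields any finding can be rejected or quarantined instead of being extracted on a case-insensitive filesystem.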

Fix

Uncontrolled Search Path Element

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-02256
CVE-2024-10389
GHSA-Q3RP-VVM7-J8JG
GO-2024-3251
OPENSUSE-SU-2024:14470-1
OPENSUSE-SU-2024_4042-1
SUSE-SU-2024:4042-1

Affected Products

Safearchive
Suse