PT-2024-16649 · OpenBSD · OpenBSD
Published: 2024-12-05 · Updated: 2025-09-23
CVE-2024-10933
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenBSD 7.4 before errata 022 and OpenBSD 7.5 before errata 009
Description
The issue arises from improper validation of the names returned by readdir: a name containing '/' is accepted, which allows unexpected directory traversal on untrusted file systems. It can be mitigated by rejecting any name that contains '/' during readdir name validation.
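An added example (not OpenBSD's code and not the errata patch) of the check the description calls for: a directory entry name is accepted only if it is a single path component, so it is rejected when it contains '/'. The `entry` struct, the 255-byte limit, the empty-name and embedded-NUL checks, the `/mnt/usb` path and the sample entries are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one readdir entry from an untrusted file system. */
struct entry { const char *name; size_t namlen; };

/* Returns 1 only if the name is usable as a single path component. */
int name_is_valid(const struct entry *e)
{
    if (e->namlen == 0 || e->namlen > 255)      /* assumed limit of 255 bytes */
        return 0;
    if (memchr(e->name, '\0', e->namlen) != NULL)
        return 0;                               /* claimed length overruns the string */
    if (memchr(e->name, '/', e->namlen) != NULL)
        return 0;                               /* '/' would add extra path components */
    return 1;
}

/* Builds dir/name for validated names only; returns 0 on success, -1 otherwise. */
int join_checked(const char *dir, const struct entry *e, char *out, size_t outsz)
{
    if (!name_is_valid(e))
        return -1;
    int n = snprintf(out, outsz, "%s/%.*s", dir, (int)e->namlen, e->name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Constructed sample entries, not taken from a real file system. */
static const struct entry samples[] = {
    { "notes.txt", 9 },          /* ordinary name: accepted */
    { "../../etc/passwd", 16 },  /* contains '/': rejected */
    { "sub/file", 8 },           /* contains '/': rejected */
    { "a\0b", 3 },               /* embedded NUL: rejected */
};

int count_rejected(void)
{
    char path[512];
    int rejected = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        if (join_checked("/mnt/usb", &samples[i], path, sizeof(path)) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    printf("rejected %d of 4 constructed entries\n", count_rejected());
    return 0;
}
```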
Recommendations
For OpenBSD version 7.4, apply errata 022 to resolve the issue.
For OpenBSD version 7.5, apply errata 009 to resolve the issue.
Fix
Path traversal
Affected Products
OpenBSD