- Description
- Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnu_patch:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "664022CA-1CFD-4919-BB94-F4F4F6D37201",
"versionEndIncluding": "2.6.1"
},
{
"criteria": "cpe:2.3:a:gnu:gnu_patch:2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "817481F2-877C-4851-A4F3-F991ADA26381"
},
{
"criteria": "cpe:2.3:a:gnu:gnu_patch:2.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62276D98-5C81-4AAE-9DA9-760A1E799707"
},
{
"criteria": "cpe:2.3:a:gnu:gnu_patch:2.5.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79A0F364-725D-481A-A2C0-FAE80DFFA9F6"
},
{
"criteria": "cpe:2.3:a:gnu:gnu_patch:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "190EBEDE-B589-48F1-AA99-F0E21CE5CB47"
}
],
"operator": "OR"
}
]
}
]