CVE-2013-4668

Published Jul 18, 2013

Last updated 4 years ago

CVSS info 5.0

Overview

Description: Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:file_roller_project:file_roller:*:*:*:*:*:gnome:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCD7AC63-A29C-44D5-8311-6CACD4298495",
            "versionEndExcluding": "3.6.4",
            "versionStartIncluding": "3.6.0"
          },
          {
            "criteria": "cpe:2.3:a:file_roller_project:file_roller:*:*:*:*:*:gnome:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D7A934D-8A7F-402A-8BEC-A527F149B8EF",
            "versionEndExcluding": "3.8.3",
            "versionStartIncluding": "3.8.0"
          },
          {
            "criteria": "cpe:2.3:a:file_roller_project:file_roller:*:*:*:*:*:gnome:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4988FA37-4D11-46F4-B542-794F60EC839B",
            "versionEndExcluding": "3.9.3",
            "versionStartIncluding": "3.9.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References