CVE-2024-25711
Published Feb 27, 2024
Last updated 9 months ago
Overview
- Description
- diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
Social media
- Hype score
- Not currently trending