CVE-2015-0557

Description

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

References

https://security.gentoo.org/glsa/201612-15

http://www.securityfocus.com/bid/71895

http://www.openwall.com/lists/oss-security/2015/01/05/9

http://www.openwall.com/lists/oss-security/2015/01/03/5

http://www.mandriva.com/security/advisories?name=MDVSA-2015:201

http://www.debian.org/security/2015/dsa-3213

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3