CVE-2024-10933

OpenBSD readdir directory traversal

CVSS 4.1 MEDIUMEPSS 0.3%CWE-22

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

OpenBSD · OpenBSD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig