← volver
CVE-2024-10933

OpenBSD readdir directory traversal

CVSS 4.1 MEDIUMEPSS 0.3%CWE-22
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
OpenBSD · OpenBSD

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sighttps://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig