ALT-PU-2022-2920-1

Package update arj in branch sisyphus

Version3.10.22-alt9

Published2022-10-25

Max severityMEDIUM

Severity:

Closed issues (1)

MEDIUM5.8

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

Published: 2015-04-08Modified: 2025-04-12

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P

References

Closed bugs (1)

Зависает при создании архивов