uudecode, as available in the sharutils package prior to 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow malicious users to overwrite files or execute commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu sharutils 4.2 |