Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2013-5648

Published: 29/08/2013 Updated: 30/08/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Id-software

Vulnerability Summary

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software prior to 3.7.2 and other products, allows remote malicious users to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.

Vulnerable Product Search on Vulmon Subscribe to Product

id id-software 3.7.1

id libdigidoc 3.6.0.0

id id-software 3.7

References

CWE-22https://bugs.mageia.org/show_bug.cgi?id=11100https://bugzilla.redhat.com/show_bug.cgi?id=1002299http://www.id.ee/?lang=en&id=34283#3_7_2http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markuphttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook