Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-6232

Published: 02/08/2016 Updated: 28/11/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Canonical

Vulnerability Summary

Directory traversal vulnerability in KArchive prior to 5.24, as used in KDE Frameworks, allows remote malicious users to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

kde karchives

Vendor Advisories

Debian CVElist Bug Report Logs: kde4libs: CVE-2016-6232: Extraction of tar files possible to arbitrary system locations
Debian Bug report logs - #832620 kde4libs: CVE-2016-6232: Extraction of tar files possible to arbitrary system locations Package: src:kde4libs; Maintainer for src:kde4libs is Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 27 Jul 2016 ...
Debian Security Advisories: DSA-3643-1 kde4libs -- security update
Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "/" in the file paths A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive For th ...
Ubuntu Security Notice: kde4libs vulnerability
KDE-Libs could be made to overwrite files ...
Ubuntu Security Notice: kconfig, kde4libs vulnerabilities
KConfig and KDE libraries could be made to crash or run programs if it opened a specially crafted file ...

References

CWE-22https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37http://www.ubuntu.com/usn/USN-3042-1http://www.openwall.com/lists/oss-security/2016/07/16/2https://www.kde.org/info/security/advisory-20160724-1.txthttp://www.openwall.com/lists/oss-security/2016/07/16/3http://www.securityfocus.com/bid/91806http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00023.htmlhttp://www.debian.org/security/2016/dsa-3643https://usn.ubuntu.com/4100-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832620https://nvd.nist.govhttps://usn.ubuntu.com/3042-1/https://www.debian.org/security/./dsa-3643
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook