Published: 13/04/2018 Updated: 03/12/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

diffoscope prior to 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
reproducible builds diffoscope
debian debian linux 9.0

Debian Bug report logs - #854723 diffoscope: CVE-2017-0359: writes to arbitrary locations on disk based on the contents of an untrusted archive Package: diffoscope; Maintainer for diffoscope is Reproducible builds folks <reproducible-builds@listsaliothdebianorg>; Source for diffoscope is src:diffoscope (PTS, buildd, popcon) ...

It has been discovered that diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive ...

NVD-CWE-noinfo https://security-tracker.debian.org/tracker/CVE-2017-0359 https://bugs.debian.org/854723 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723 https://nvd.nist.gov https://security.archlinux.org/CVE-2017-0359

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-0359

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect