CVE-2017-14804

Published: 01/03/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The build package prior to 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.

Vulnerable Product

suse linux enterprise software development kit 12

suse linux enterprise software development kit 11

opensuse leap 42.3

opensuse leap 42.2

Vendor Advisories

Debian Bug report logs - #887306
obs-build: CVE-2017-14804: Exploit extractbuild to write to files in the host system
Package: src:obs-build; Maintainer for src:obs-build is Héctor Orón Martínez <zumbi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 14 Jan 2018 19:48:02 UTC
Severity: ...