CVE-2017-8921

Published: 12/05/2017 Updated: 26/05/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In FlightGear prior to 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

Vulnerable Product

flightgear flightgear

Vendor Advisories

Debian Bug report logs - #862689
flightgear: CVE-2017-8921
Package: src:flightgear; Maintainer for src:flightgear is Debian FlightGear Crew <team+flightgear@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 15 May 2017 20:09:01 UTC
Severity: grave
Tags: patch, security, upstream F ...