Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2019-9686

Published: 11/03/2019 Updated: 09/11/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Pacman

Vulnerability Summary

pacman prior to 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pacman project pacman

Vendor Advisories

Arch Linux Issues:
pacman prior to version 513 allows directory traversal when installing a remote package via a specified URL "pacman -U &lt;url&gt;" due to an unsanitized file name received from a Content-Disposition header pacman renames the downloaded package file to match the name given in this header However, pacman did not sanitize this name, which may con ...

References

CWE-22https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bdehttps://nvd.nist.govhttps://security.archlinux.org/CVE-2019-9686
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook