Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2015-04-08T18:00:00
Updated: 2017-06-30T16:57:01
Reserved: 2015-01-05T00:00:00
Link: CVE-2015-0557
JSON object: View
NVD Information
Status : Modified
Published: 2015-04-08T18:59:04.890
Modified: 2017-07-01T01:29:13.047
Link: CVE-2015-0557
JSON object: View
Redhat Information
No data.
CWE