CVE-2015-1038

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Published : 2015-01-21 18:59 Updated : 2017-09-08 01:29

5.8
CVSS Score More info
Score 5.8 / 10
5.8
Vendor Product Version URI
7-zip P7zip 9.20.1 cpe:/a:7-zip:p7zip:9.20.1
Fedoraproject Fedora 22 cpe:/o:fedoraproject:fedora:22
Fedoraproject Fedora 23 cpe:/o:fedoraproject:fedora:23
Oracle Solaris 10.0 cpe:/o:oracle:solaris:10.0
Oracle Solaris 11.2 cpe:/o:oracle:solaris:11.2
  1. Fedoraproject (1) Search CVE
    1. Fedora (2) Search CVE
      1. 22
      2. 23
  2. Oracle (1) Search CVE
    1. Solaris (2) Search CVE
      1. 10.0
      2. 11.2
  3. 7-zip (1) Search CVE
    1. P7zip (1) Search CVE
      1. 9.20.1

CWE

ID Name Description Links
CWE-59 Improper Link Resolution Before File Access ('Link Following') The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. CVE

History of changes

Date Event
2017-09-08 05:33
2015-01-21 18:59

New CVE