VDB
CVE-2013-5648
CVE-2013-5648
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
EPSS 0.60% · 69.9th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.60%
69.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| id | libdigidoc | 3.6.0.0 |
| id | id-software | 3.7, 3.7.1 |
Timeline
- Aug 29, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- http://www.id.ee/?lang=en&id=34283#3_7_2 url
- https://bugs.mageia.org/show_bug.cgi?id=11100 url
- http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup url
- https://bugzilla.redhat.com/show_bug.cgi?id=1002299 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-5648 advisory