VDB
CVE-2017-5982
CVE-2017-5982
PUBLISHED
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
EPSS 86.42% · 99.4th percentile
Risk Scores
EPSS Score
86.42%
99.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | kodi | 2:20.5+dfsg-1ubuntu1, *, * |
| Ubuntu:18.04:LTS | kodi | *, 2:17.3+dfsg1-3, 2:17.3+dfsg1-3build1 |
| Ubuntu:25.10 | kodi | 2:21.2+dfsg-1build2, 2:21.2+dfsg-4, 2:21.2+dfsg-4build1 |
| Ubuntu:22.04:LTS | kodi | 0, 2:19.1+dfsg2-2, 2:19.3+dfsg1-1 |
| Ubuntu:16.04:LTS | kodi | 0, 15.1+dfsg1-3, 15.2+dfsg1-1build1 |
Exploit Intelligence
- http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html (nist-nvd)
- http://seclists.org/fulldisclosure/2017/Feb/27 (nist-nvd)
- https://www.exploit-db.com/exploits/41312/ (nist-nvd)
- CIRCL seen: CVE-2017-5982 (circl-sighting)
- CIRCL seen: CVE-2017-5982 (circl-sighting)
- CIRCL seen: CVE-2017-5982 (circl-sighting)
- 96481 (circl)
- [debian-lts-announce] 20240123 [SECURITY] [DLA 3712-1] kodi security update (circl)
- Kodi 17.0 Local File Inclusion Exploit (0day-today)
- Kodi 17.0 Local File Inclusion Exploit (0day-today)
…and 6 more exploits
Timeline
- Feb 28, 2017 CVE Published
- Mar 12, 2017 PoC Published
- May 29, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5982 third-party-advisory
- http://seclists.org/fulldisclosure/2017/Feb/27 third-party-advisory
- http://trac.kodi.tv/ticket/17314 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5982 third-party-advisory