Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: debian
Published: 2015-04-08T18:00:00
Updated: 2024-08-06T04:10:11.059Z
Reserved: 2015-01-05T00:00:00
Link: CVE-2015-0557

No data.

Status : Modified
Published: 2015-04-08T18:59:04.890
Modified: 2024-11-21T02:23:18.443
Link: CVE-2015-0557

No data.