In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 23 Sep 2025 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:-:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_001:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_002:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_003:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_004:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_005:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_006:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_007:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_008:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_009:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_010:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_011:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_012:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_013:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_014:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_015:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_016:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_017:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_018:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_019:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_020:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:7.4:errata_021:*:*:*:*:*:*

Thu, 05 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Description In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
Title OpenBSD readdir directory traversal
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 4.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2024-12-05T20:40:58.356Z

Reserved: 2024-11-06T18:12:15.857Z

Link: CVE-2024-10933

cve-icon Vulnrichment

Updated: 2024-12-05T20:40:51.206Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-05T20:15:21.417

Modified: 2025-09-23T12:54:18.160

Link: CVE-2024-10933

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:31:57Z