Search
Find a vulnerability
Search criteria
6 vulnerabilities found for arj_archiver by arj_software
CVE-2015-2782 (GCVE-0-2015-2782)
Vulnerability from nvd – Published: 2015-04-08 18:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
VEX
Summary
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/03/28/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/03/29/1 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/201612-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/73413 | vdb-entryx_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2015/dsa-3213 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2014-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150328 CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/5"
},
{
"name": "[oss-security] 20150329 Re: CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/1"
},
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "73413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73413"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20150328 CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/5"
},
{
"name": "[oss-security] 20150329 Re: CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/1"
},
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "73413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73413"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150328 CVE Request: arj: free on invalid pointer due to to buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/5"
},
{
"name": "[oss-security] 20150329 Re: CVE Request: arj: free on invalid pointer due to to buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/1"
},
{
"name": "MDVSA-2015:201",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "GLSA-201612-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "73413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73413"
},
{
"name": "FEDORA-2015-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-2782",
"datePublished": "2015-04-08T18:00:00.000Z",
"dateReserved": "2015-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0557 (GCVE-0-2015-0557)
Vulnerability from nvd – Published: 2015-04-08 18:00 – Updated: 2024-08-06 04:10
VLAI
EPSS
VEX
Summary
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/01/05/9 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/201612-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2015/01/03/5 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2015/dsa-3213 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/71895 | vdb-entryx_refsource_BID |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
Date Public
2015-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "71895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "71895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:201",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "71895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71895"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0557",
"datePublished": "2015-04-08T18:00:00.000Z",
"dateReserved": "2015-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:10:11.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0556 (GCVE-0-2015-0556)
Vulnerability from nvd – Published: 2015-04-08 18:00 – Updated: 2024-08-06 04:10
VLAI
EPSS
VEX
Summary
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/01/05/9 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/201612-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2015/01/03/5 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/71860 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2015/dsa-3213 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
Date Public
2015-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "71860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71860"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "71860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71860"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:201",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "71860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71860"
},
{
"name": "DSA-3213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0556",
"datePublished": "2015-04-08T18:00:00.000Z",
"dateReserved": "2015-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:10:11.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0557 (GCVE-0-2015-0557)
Vulnerability from cvelistv5 – Published: 2015-04-08 18:00 – Updated: 2024-08-06 04:10
VLAI
EPSS
VEX
Summary
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/01/05/9 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/201612-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2015/01/03/5 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2015/dsa-3213 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/71895 | vdb-entryx_refsource_BID |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
Date Public
2015-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "71895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "71895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:201",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "71895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71895"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0557",
"datePublished": "2015-04-08T18:00:00.000Z",
"dateReserved": "2015-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:10:11.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0556 (GCVE-0-2015-0556)
Vulnerability from cvelistv5 – Published: 2015-04-08 18:00 – Updated: 2024-08-06 04:10
VLAI
EPSS
VEX
Summary
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/01/05/9 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/201612-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2015/01/03/5 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/71860 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2015/dsa-3213 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
Date Public
2015-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "71860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71860"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "71860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71860"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:201",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/9"
},
{
"name": "GLSA-201612-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/5"
},
{
"name": "FEDORA-2015-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "71860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71860"
},
{
"name": "DSA-3213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0556",
"datePublished": "2015-04-08T18:00:00.000Z",
"dateReserved": "2015-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:10:11.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2782 (GCVE-0-2015-2782)
Vulnerability from cvelistv5 – Published: 2015-04-08 18:00 – Updated: 2024-08-06 05:24
VLAI
EPSS
VEX
Summary
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/03/28/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/03/29/1 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/201612-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/73413 | vdb-entryx_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2015/dsa-3213 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2014-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150328 CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/5"
},
{
"name": "[oss-security] 20150329 Re: CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/1"
},
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "73413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73413"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20150328 CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/5"
},
{
"name": "[oss-security] 20150329 Re: CVE Request: arj: free on invalid pointer due to to buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/1"
},
{
"name": "MDVSA-2015:201",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "GLSA-201612-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "73413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73413"
},
{
"name": "FEDORA-2015-5524",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150328 CVE Request: arj: free on invalid pointer due to to buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/5"
},
{
"name": "[oss-security] 20150329 Re: CVE Request: arj: free on invalid pointer due to to buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/1"
},
{
"name": "MDVSA-2015:201",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201"
},
{
"name": "FEDORA-2015-5546",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html"
},
{
"name": "GLSA-201612-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-15"
},
{
"name": "73413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73413"
},
{
"name": "FEDORA-2015-5524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html"
},
{
"name": "DSA-3213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3213"
},
{
"name": "FEDORA-2015-5603",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-2782",
"datePublished": "2015-04-08T18:00:00.000Z",
"dateReserved": "2015-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}