Search

Find a vulnerability

Search criteria

    1 vulnerability by AVAST Software s.r.o.

    JVNDB-2015-000160

    Vulnerability from jvndb - Published: 2015-10-16 14:00 - Updated:2015-10-20 17:56
    Severity
    N/A (UNKNOWN) - -
    Summary
    Avast vulnerable to directory traversal
    Details
    Avast contains an issue in processing archive files, which may result in a directory traversal (CWE-22) vulnerability. When an archive file such as zip is detected as containing a virus and the included virus file is being moved or deleted, the operation is done to the file path inside the archive file. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000160.html",
      "dc:date": "2015-10-20T17:56+09:00",
      "dcterms:issued": "2015-10-16T14:00+09:00",
      "dcterms:modified": "2015-10-20T17:56+09:00",
      "description": "Avast contains an issue in processing archive files, which may result in a directory traversal (CWE-22) vulnerability.\r\nWhen an archive file such as zip is detected as containing a virus and the included virus file is being moved or deleted, the operation is done to the file path inside the archive file.\r\n\r\nRyohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000160.html",
      "sec:cpe": {
        "#text": "cpe:/a:avast:avast_antivirus",
        "@product": "avast Antivirus",
        "@vendor": "AVAST Software s.r.o.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000160",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN25576608/index.html",
          "@id": "JVN#25576608",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5662",
          "@id": "CVE-2015-5662",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5662",
          "@id": "CVE-2015-5662",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "Avast vulnerable to directory traversal"
    }