Skip to main content

Ytnef CVE-2017-6306

HIGH
Path Traversal (CWE-22)
2017-02-24 cve@mitre.org
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 24, 2017 - 04:59 cve.org
HIGH 7.8

DescriptionCVE.org

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."

AnalysisAI

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." Affected products include: Ytnef Project Ytnef, Debian Debian Linux. Version information: before 1.9.1..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in Ytnef

View all
CVE-2017-9146 HIGH POC
8.8 May 22

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before

CVE-2021-3404 HIGH POC
7.8 Mar 04

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potential

CVE-2021-3403 HIGH POC
7.8 Mar 04

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and

CVE-2017-6800 HIGH POC
7.5 Mar 10

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl

CVE-2017-9058 CRITICAL
9.8 May 18

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZ

CVE-2017-9473 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory co

CVE-2017-9471 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based bu

CVE-2017-9470 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer

CVE-2017-9474 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-bas

CVE-2017-9472 MEDIUM POC
5.5 Jun 07

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based b

CVE-2017-6304 HIGH
7.8 Feb 24

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication r

CVE-2017-6301 HIGH
7.8 Feb 24

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication r

Share

CVE-2017-6306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy