Vulnerability Description
Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Widelands | Widelands | - |
Related Weaknesses (CWE)
References
- http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021PatchRelease NotesThird Party Advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960Issue TrackingThird Party Advisory
- http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021PatchRelease NotesThird Party Advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960Issue TrackingThird Party Advisory
FAQ
What is CVE-2011-1932?
CVE-2011-1932 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used fo...
How severe is CVE-2011-1932?
CVE-2011-1932 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1932?
Check the references section above for vendor advisories and patch information. Affected products include: Widelands Widelands.