Vulnerability Description
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Id | Id-Software | 3.7 |
| Id | Libdigidoc | 3.6.0.0 |
Related Weaknesses (CWE)
References
- http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoPatch
- http://www.id.ee/?lang=en&id=34283#3_7_2
- https://bugs.mageia.org/show_bug.cgi?id=11100
- https://bugzilla.redhat.com/show_bug.cgi?id=1002299
FAQ
What is CVE-2013-5648?
CVE-2013-5648 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers t...
How severe is CVE-2013-5648?
CVE-2013-5648 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-5648?
Check the references section above for vendor advisories and patch information. Affected products include: Id Id-Software, Id Libdigidoc.