Vulnerability Description
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dinknetwork | Dfarc | < 3.14 |
| Dinknetwork | Dfarc2 | < 3.14 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f4PatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/02/msg00033.htmlMailing ListThird Party Advisory
- https://savannah.gnu.org/forum/forum.php?forum_id=9169Vendor Advisory
- https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f4PatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/02/msg00033.htmlMailing ListThird Party Advisory
- https://savannah.gnu.org/forum/forum.php?forum_id=9169Vendor Advisory
FAQ
What is CVE-2018-0496?
CVE-2018-0496 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the u...
How severe is CVE-2018-0496?
CVE-2018-0496 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0496?
Check the references section above for vendor advisories and patch information. Affected products include: Dinknetwork Dfarc, Dinknetwork Dfarc2, Debian Debian Linux.