Unrated severityNVD Advisory· Published Dec 27, 2023· Updated Aug 2, 2024
Zip Path Traversal in Deepin-Compressor
CVE-2023-50255
Description
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: < 5.12.21
- osv-coords5 versionspkg:rpm/opensuse/deepin-compressor&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/deepin-compressor&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/deepin-compressor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/deepin-compressor&distro=SUSE%20Package%20Hub%2015%20SP4pkg:rpm/suse/deepin-compressor&distro=SUSE%20Package%20Hub%2015%20SP5
< 5.12.2-bp154.2.3.1+ 4 more
- (no CPE)range: < 5.12.2-bp154.2.3.1
- (no CPE)range: < 5.12.13-bp155.2.3.1
- (no CPE)range: < 5.12.13-2.1
- (no CPE)range: < 5.12.2-bp154.2.3.1
- (no CPE)range: < 5.12.13-bp155.2.3.1
- Range: < 5.12.21
Patches
Vulnerability mechanics
References
2- github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6mitrex_refsource_MISC
- github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.