rpm package
opensuse/diffoscope&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/diffoscope&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-25711 | — | < 261-1.1 | 261-1.1 | Feb 11, 2024 | diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted. | ||
| CVE-2017-0359 | — | < 183-1.2 | 183-1.2 | Apr 13, 2018 | diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. |
- CVE-2024-25711Feb 11, 2024affected < 261-1.1fixed 261-1.1
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
- CVE-2017-0359Apr 13, 2018affected < 183-1.2fixed 183-1.2
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.