CVE-2013-5648
Description
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Debian Fixed 3 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| id | id-software | 3.7 | |
| id | id-software | 3.7.1 | |
| id | libdigidoc | 3.6.0.0 | |
References
- http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup
- http://www.id.ee/?lang=en&id=34283#3_7_2
- https://bugs.mageia.org/show_bug.cgi?id=11100
- https://bugzilla.redhat.com/show_bug.cgi?id=1002299
- https://security-tracker.debian.org/tracker/CVE-2013-5648
CWEs
CWE-22
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.