CVE-2018-0496

Name: CVE-2018-0496
Description: Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1686-1
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

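| Source Package | Release | Version | Status |
|---|---|---|---|
| freedink-dfarc (PTS) | stretch | 3.12-1+deb9u1 | fixed |
| freedink-dfarc (PTS) | buster | 3.14-1 | fixed |
| freedink-dfarc (PTS) | bookworm, sid, bullseye | 3.14-4 | fixed |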

The information below is based on the following data on fixed versions.

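| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| freedink-dfarc | source | jessie | 3.12-1+deb8u1 | | DLA-1686-1 | |
| freedink-dfarc | source | stretch | 3.12-1+deb9u1 | | | |
| freedink-dfarc | source | (unstable) | 3.14-1 | | | |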

Notes

https://savannah.gnu.org/forum/forum.php?forum_id=9169
https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
