CVE-2020-10870

Name: CVE-2020-10870
Description: Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: low
Debian Bugs: 954810

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| zim (PTS) | stretch | 0.65-4 | vulnerable |
| | buster | 0.68-1 | vulnerable |
| | bullseye, sid | 0.72.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zim | source | (unstable) | 0.72.1-1 | unimportant | | 954810 |

Notes

https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
Negligible security impact
