CVE-2020-29050

Name: CVE-2020-29050
Description: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2882-1, DSA-5036-1
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

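| Source Package | Release | Version | Status |
|---|---|---|---|
| sphinxsearch (PTS) | stretch | 2.2.11-1.1 | vulnerable |
| sphinxsearch | stretch (security) | 2.2.11-1.1+deb9u1 | fixed |
| sphinxsearch | buster | 2.2.11-2 | vulnerable |
| sphinxsearch | buster (security) | 2.2.11-2+deb10u1 | fixed |
| sphinxsearch | bookworm, sid | 2.2.11-8 | fixed |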

The information below is based on the following data on fixed versions.

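| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sphinxsearch | source | stretch | 2.2.11-1.1+deb9u1 | | DLA-2882-1 | |
| sphinxsearch | source | buster | 2.2.11-2+deb10u1 | | DSA-5036-1 | |
| sphinxsearch | source | (unstable) | 2.2.11-3 | | | |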

Notes

Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
Backported patch: https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch
