| Name | CVE-2020-29050 |
| Description | SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-2882-1, DSA-5036-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| sphinxsearch (PTS) | buster, buster (security) | 2.2.11-2+deb10u1 | fixed |
| sid, trixie, bookworm | 2.2.11-8 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sphinxsearch | source | stretch | 2.2.11-1.1+deb9u1 | DLA-2882-1 | ||
| sphinxsearch | source | buster | 2.2.11-2+deb10u1 | DSA-5036-1 | ||
| sphinxsearch | source | (unstable) | 2.2.11-3 |
Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
Backported patch: https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch