CVE-2024-25711

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25711
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25711.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25711
Aliases
Related
Published
2024-02-27T02:15:06Z
Modified
2024-09-18T03:25:54.292844Z
Summary
[none]
Details

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

References

Affected packages

Debian:11 / diffoscope

Package

Name
diffoscope
Purl
pkg:deb/debian/diffoscope?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

Other

177
178
179
180~bpo11+1
180
181
182
183
184
185~bpo11+1
185
186~bpo11+1
186
187~bpo11+1
187
188~bpo11+1
188
189~bpo11+1
189
190
191
192
193
194~bpo11+1
194
195
196~bpo11+1
196
197
198
199~bpo11+1
199
200~bpo11+1
200
201~bpo11+1
201
202
203
204
205
206~bpo11+1
206
207
208
209
210
211~bpo11+1
211
212
213
214
215
216
217
218
219
220
221~bpo11+1
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238~bpo11+1
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / diffoscope

Package

Name
diffoscope
Purl
pkg:deb/debian/diffoscope?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

Other

240
240+deb12u1
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / diffoscope

Package

Name
diffoscope
Purl
pkg:deb/debian/diffoscope?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
256

Affected versions

Other

240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

Ecosystem specific

{
    "urgency": "not yet assigned"
}