CVE-2024-25711

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25711
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25711.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25711
Aliases
Related
Published
2024-02-27T02:15:06Z
Modified
2024-09-18T03:25:54.292844Z
Summary
[none]
Details

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

References

Affected packages

Debian:11 / diffoscope

Package

Name
diffoscope
Purl
pkg:deb/debian/diffoscope?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

177
178
179
180~bpo11+1
180
181
182
183
184
185~bpo11+1
185
186~bpo11+1
186
187~bpo11+1
187
188~bpo11+1
188
189~bpo11+1
189
190
191
192
193
194~bpo11+1
194
195
196~bpo11+1
196
197
198
199~bpo11+1
199
200~bpo11+1
200
201~bpo11+1
201
202
203
204
205
206~bpo11+1
206
207
208
209
210
211~bpo11+1
211
212
213
214
215
216
217
218
219
220
221~bpo11+1
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238~bpo11+1
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / diffoscope

Package

Name
diffoscope
Purl
pkg:deb/debian/diffoscope?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

240
240+deb12u1
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / diffoscope

Package

Name
diffoscope
Purl
pkg:deb/debian/diffoscope?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
256

Affected versions

Other

240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

Ecosystem specific

{
    "urgency": "not yet assigned"
}