UBUNTU-CVE-2017-1000420

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2017-1000420
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000420.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-1000420
Upstream
Withdrawn
2025-07-18T16:44:21Z
Published
2018-01-02T19:29:00Z
Modified
2025-07-17T16:53:42Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

References

Affected packages

Ubuntu:18.04:LTS / syncthing

Package

Name
syncthing
Purl
pkg:deb/ubuntu/syncthing@0.14.43+ds1-6?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.14.43+ds1-6

Affected versions

0.*

0.14.36+ds1-1
0.14.38+ds1-1
0.14.43+ds1-5

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "golang-github-syncthing-syncthing-dev"
        },
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "syncthing"
        },
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "syncthing-dbgsym"
        },
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "syncthing-discosrv"
        },
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "syncthing-discosrv-dbgsym"
        },
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "syncthing-relaysrv"
        },
        {
            "binary_version": "0.14.43+ds1-6",
            "binary_name": "syncthing-relaysrv-dbgsym"
        }
    ]
}