UBUNTU-CVE-2017-17520

Source
https://ubuntu.com/security/CVE-2017-17520
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17520.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-17520
Withdrawn
2025-06-23T15:53:03Z
Published
2017-12-14T16:29:00Z
Modified
2017-12-14T16:29:00Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

** DISPUTED ** tools/urlhandler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "urlhandler.pl was designed to work together with tin which only issues shell escaped absolute URLs."

References

Affected packages

Ubuntu:Pro:16.04:LTS / tin

Package

Name
tin
Purl
pkg:deb/ubuntu/tin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*
1:2.3.1-1build1
1:2.3.2-1

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17520.json"

Ubuntu:Pro:18.04:LTS / tin

Package

Name
tin
Purl
pkg:deb/ubuntu/tin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*
1:2.4.1-1
1:2.4.1-1build1
1:2.4.1-1build2

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17520.json"

Ubuntu:20.04:LTS / tin

Package

Name
tin
Purl
pkg:deb/ubuntu/tin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*
1:2.4.4~20190307-1build1
1:2.4.4-1
1:2.4.4-1build1
1:2.4.4-1build2

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17520.json"

Ubuntu:22.04:LTS / tin

Package

Name
tin
Purl
pkg:deb/ubuntu/tin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*
1:2.4.6~20210225-1
1:2.6.0-1
1:2.6.1~20211026-1
1:2.6.1-1
1:2.6.1-1build1
1:2.6.2~20220129-1

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17520.json"

Ubuntu:24.04:LTS / tin

Package

Name
tin
Purl
pkg:deb/ubuntu/tin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*
1:2.6.3~20230803-1
1:2.6.3~20231002-1
1:2.6.3~20231106-2
1:2.6.3~20231201-1
1:2.6.3~20231201-1build1
1:2.6.3-1
1:2.6.4~20240224-1
1:2.6.4~20240224-1build1
1:2.6.4~20240224-1build2

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-17520.json"