user/fastjar: multiple vulnerabilities
Bugzilla ID | 136 |
Alias(es) | CVE-2010-0831, CVE-2010-2322 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 07:00:26 -0500 |
Modified | 2020-06-22 06:08:04 -0500 |
Status | UNCONFIRMED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / minor |
Package(s) | user/fastjar |
Description
CVE-2010-0831: https://nvd.nist.gov/vuln/detail/CVE-2010-0831
Directory traversal vulnerability in the extract_jar function in
jartool.c in FastJar 0.98 allows remote attackers to create or
overwrite arbitrary files via a .. (dot dot) in a non-initial pathname
component in a filename within a .jar archive, a related issue to
CVE-2005-1080. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2006-3619.
CVE-2010-2322: https://nvd.nist.gov/vuln/detail/CVE-2010-2322
Absolute path traversal vulnerability in the extract_jar function in
jartool.c in FastJar 0.98 allows remote attackers to create or
overwrite arbitrary files via a full pathname for a file within a .jar
archive, a related issue to CVE-2010-0831. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2006-3619.
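
An added example, not FastJar's code or its patch: a lexical check on an archive entry name that rejects both cases described above, a `..` in any pathname component (initial or not) and a full pathname. The function name `entry_name_is_safe` and the sample entry names are constructed for illustration, and `/` is assumed to be the only path separator.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns true only if `name` may be created beneath
 * the extraction directory. It is deliberately conservative and rejects
 * every ".." component, even one that would resolve inside the directory. */
bool entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;

    /* Full pathname stored in the archive (the CVE-2010-2322 case). */
    if (name[0] == '/')
        return false;

    /* Walk every component, not just the first one: checking only the
     * start of the name misses "a/../../x" (the CVE-2010-0831 case). */
    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p += len;
        while (*p == '/')                  /* skip one or more separators */
            p++;
    }
    return true;
}

int main(void)
{
    /* Constructed sample entry names, not taken from any real archive. */
    const char *samples[] = {
        "META-INF/MANIFEST.MF", "a/..b/c", "../x", "a/../../x", "/tmp/x"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s %s\n", samples[i],
               entry_name_is_safe(samples[i]) ? "extract" : "reject");
    return 0;
}
```

The check is lexical only: it does not account for symbolic links that already exist under the extraction directory.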