Avoid Unexpected Directory Traversal on Untrusted File Systems
CVE-2024-10933
5MEDIUM
Summary
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
Affected Version(s)
OpenBSD 7.5 < 7.5 errata 009
OpenBSD 7.4 < 7.4 errata 022
OpenBSD 7.5 errata 009
References
CVSS V3.1
Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved