Avoid Unexpected Directory Traversal on Untrusted File Systems
CVE-2024-10933

5MEDIUM

Key Information:

Vendor: OpenBSD
Status: OpenBSD
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-10933?

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.

Affected Version(s)

OpenBSD 7.5 < 7.5 errata 009

OpenBSD 7.4 < 7.4 errata 022

OpenBSD 7.5 errata 009

References

https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/02...

https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/00...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 6, 2024