Home

CVE-2016-6232

Description

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
5.654

Associated Vulnerability

VulnerabilityOS Platform
KDE 4 core applications and libraries (USN-3042-1) libkdecore5_4.14.13-0ubuntu1.1_i386.debLinux
KDE 4 core applications and libraries (USN-3042-1) libkdecore5_4.14.13-0ubuntu1.1_amd64.debLinux
configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.16-0ubuntu3.3_i386.debLinux
configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.16-0ubuntu3.3_amd64.debLinux
configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu3.1_i386.debLinux
configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu3.1_amd64.debLinux
configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu6.1_i386.debLinux
configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu6.1_amd64.debLinux
configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.18.0-0ubuntu1.1_i386.debLinux
configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.18.0-0ubuntu1.1_amd64.debLinux
configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.44.0-0ubuntu1.1_i386.debLinux
configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.44.0-0ubuntu1.1_amd64.debLinux
configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.56.0-0ubuntu1.1_i386.debLinux
configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.56.0-0ubuntu1.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234