Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

• S1 – Steal Customer Account Information

EPSS

Score: 0.00836
Percentile: 0.73686

CVSS Scoring

Mapped CWE(s)

• CWE-22 : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
• cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

← Back to Home