CVE-2021-3806 | THREATINT

Description

A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.

PUBLISHED Reserved 2021-09-16 | Published 2021-09-18 | Updated 2026-05-18 | Assigner TR-CERT

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

Any version before 0.1.0~beta10

affected

Credits

Mehmet INCE from PRODAFT finder

References

www.usom.gov.tr/bildirim/tr-21-0754

pentest.blog/...inux-distro-remote-code-execution-0day-2021/

www.usom.gov.tr/bildirim/tr-21-0754 broken-link government-resource

pentest.blog/...inux-distro-remote-code-execution-0day-2021/

siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-21-0754 government-resource

cve.org (CVE-2021-3806)

nvd.nist.gov (CVE-2021-3806)

Download JSON