fkie_cve-2024-10933
Vulnerability from fkie_nvd
Published
2024-12-05 20:15
Modified
2025-09-23 12:54
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openbsd | * | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D679C29F-8245-4A14-AC52-BC9F5EF8DC9B",
"versionEndExcluding": "7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "AC3B964B-B0DA-4ED4-92CA-22CA55FB1799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_001:*:*:*:*:*:*",
"matchCriteriaId": "6AFCBC1B-71F7-48E0-B276-8FDC3150E6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_002:*:*:*:*:*:*",
"matchCriteriaId": "DD66EC2F-ACFA-436D-81AB-AB1B0DF9A262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_003:*:*:*:*:*:*",
"matchCriteriaId": "17D59A8B-EAE5-4E22-939A-EB7DF64A6F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_004:*:*:*:*:*:*",
"matchCriteriaId": "B6CAD278-E505-40F7-9FDB-EF46E38CBECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_005:*:*:*:*:*:*",
"matchCriteriaId": "985AA19C-C3F9-4DD3-BFE8-CF481D6FFC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_006:*:*:*:*:*:*",
"matchCriteriaId": "86698949-1025-4EFA-814C-D66DF8FC22E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_007:*:*:*:*:*:*",
"matchCriteriaId": "04776818-C23B-460A-81C2-FF0E99DFD7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_008:*:*:*:*:*:*",
"matchCriteriaId": "2A491657-819C-407D-8CE7-3F22857C20D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_009:*:*:*:*:*:*",
"matchCriteriaId": "8BB8DEB9-C6D2-443E-AF59-6F9041511F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_010:*:*:*:*:*:*",
"matchCriteriaId": "5B950A6E-CF52-46BF-8ACA-EB7013406BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_011:*:*:*:*:*:*",
"matchCriteriaId": "7127734F-4434-4A81-842E-6C4263118DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_012:*:*:*:*:*:*",
"matchCriteriaId": "61C72FF4-2FCA-4DF6-A290-E9DBDA960F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_013:*:*:*:*:*:*",
"matchCriteriaId": "593087F6-2F44-42E7-97E8-8892A9039F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_014:*:*:*:*:*:*",
"matchCriteriaId": "EC15CFD5-7347-4BC7-AED0-FF679F1D9901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_015:*:*:*:*:*:*",
"matchCriteriaId": "EA6F5029-7EF5-48DA-AA7D-E71D30609B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_016:*:*:*:*:*:*",
"matchCriteriaId": "EF51BAF3-2DBF-4168-81A5-50098FCB9632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_017:*:*:*:*:*:*",
"matchCriteriaId": "E8EBB1C5-6A72-4DE7-B13D-E1F3CA7492A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_018:*:*:*:*:*:*",
"matchCriteriaId": "75E72DB3-4B70-4CEC-8E6F-185319899C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_019:*:*:*:*:*:*",
"matchCriteriaId": "01BE65E3-E5A9-41F9-8C80-B901F30DC92A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_020:*:*:*:*:*:*",
"matchCriteriaId": "B344BAB4-0DA9-4CB4-AF05-685B658EE500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_021:*:*:*:*:*:*",
"matchCriteriaId": "4E385693-C25A-4100-9295-D4EB0D4585E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any \u0027/\u0027 in readdir name validation to avoid unexpected directory traversal on untrusted file systems."
},
{
"lang": "es",
"value": "En OpenBSD 7.5 antes de la errata 009 y OpenBSD 7.4 antes de la errata 022, excluya cualquier \u0027/\u0027 en la validaci\u00f3n del nombre readdir para evitar un directory traversal inesperado en sistemas de archivos que no sean de confianza."
}
],
"id": "CVE-2024-10933",
"lastModified": "2025-09-23T12:54:18.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
},
"published": "2024-12-05T20:15:21.417",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…