CVE-2011-4675

EUVD-2011-4593
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
widelands
bookworm
2:1.1-3
fixed
bullseye
1:21-1
fixed
sid
2:1.2-2
fixed
trixie
2:1.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
widelands
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
https://exchange.xforce.ibmcloud.com/vulnerabilities/71626
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
https://exchange.xforce.ibmcloud.com/vulnerabilities/71626