CVE-2011-4675

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
widelandswidelands
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
widelands
bullseye
1:21-1
fixed
bookworm
2:1.1-3
fixed
sid
2:1.2-2
fixed
trixie
2:1.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
widelands
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
https://exchange.xforce.ibmcloud.com/vulnerabilities/71626
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
https://exchange.xforce.ibmcloud.com/vulnerabilities/71626