Vulnerability Details CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47/
- https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e
- https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47/
- https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e
- https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
Products affected by CVE-2024-25711
-
cpe:2.3:a:reproducible_builds:diffoscope:1
-
cpe:2.3:a:reproducible_builds:diffoscope:10
-
cpe:2.3:a:reproducible_builds:diffoscope:100
-
cpe:2.3:a:reproducible_builds:diffoscope:101
-
cpe:2.3:a:reproducible_builds:diffoscope:102
-
cpe:2.3:a:reproducible_builds:diffoscope:103
-
cpe:2.3:a:reproducible_builds:diffoscope:104
-
cpe:2.3:a:reproducible_builds:diffoscope:105
-
cpe:2.3:a:reproducible_builds:diffoscope:106
-
cpe:2.3:a:reproducible_builds:diffoscope:107
-
cpe:2.3:a:reproducible_builds:diffoscope:108
-
cpe:2.3:a:reproducible_builds:diffoscope:11
-
cpe:2.3:a:reproducible_builds:diffoscope:110
-
cpe:2.3:a:reproducible_builds:diffoscope:111
-
cpe:2.3:a:reproducible_builds:diffoscope:112
-
cpe:2.3:a:reproducible_builds:diffoscope:113
-
cpe:2.3:a:reproducible_builds:diffoscope:114
-
cpe:2.3:a:reproducible_builds:diffoscope:115
-
cpe:2.3:a:reproducible_builds:diffoscope:116
-
cpe:2.3:a:reproducible_builds:diffoscope:117
-
cpe:2.3:a:reproducible_builds:diffoscope:118
-
cpe:2.3:a:reproducible_builds:diffoscope:119
-
cpe:2.3:a:reproducible_builds:diffoscope:12
-
cpe:2.3:a:reproducible_builds:diffoscope:120
-
cpe:2.3:a:reproducible_builds:diffoscope:121
-
cpe:2.3:a:reproducible_builds:diffoscope:122
-
cpe:2.3:a:reproducible_builds:diffoscope:123
-
cpe:2.3:a:reproducible_builds:diffoscope:124
-
cpe:2.3:a:reproducible_builds:diffoscope:125
-
cpe:2.3:a:reproducible_builds:diffoscope:126
-
cpe:2.3:a:reproducible_builds:diffoscope:127
-
cpe:2.3:a:reproducible_builds:diffoscope:128
-
cpe:2.3:a:reproducible_builds:diffoscope:129
-
cpe:2.3:a:reproducible_builds:diffoscope:13
-
cpe:2.3:a:reproducible_builds:diffoscope:130
-
cpe:2.3:a:reproducible_builds:diffoscope:131
-
cpe:2.3:a:reproducible_builds:diffoscope:132
-
cpe:2.3:a:reproducible_builds:diffoscope:133
-
cpe:2.3:a:reproducible_builds:diffoscope:14
-
cpe:2.3:a:reproducible_builds:diffoscope:15
-
cpe:2.3:a:reproducible_builds:diffoscope:16
-
cpe:2.3:a:reproducible_builds:diffoscope:17
-
cpe:2.3:a:reproducible_builds:diffoscope:18
-
cpe:2.3:a:reproducible_builds:diffoscope:19
-
cpe:2.3:a:reproducible_builds:diffoscope:2
-
cpe:2.3:a:reproducible_builds:diffoscope:20
-
cpe:2.3:a:reproducible_builds:diffoscope:21
-
cpe:2.3:a:reproducible_builds:diffoscope:22
-
cpe:2.3:a:reproducible_builds:diffoscope:23
-
cpe:2.3:a:reproducible_builds:diffoscope:24
-
cpe:2.3:a:reproducible_builds:diffoscope:25
-
cpe:2.3:a:reproducible_builds:diffoscope:26
-
cpe:2.3:a:reproducible_builds:diffoscope:27
-
cpe:2.3:a:reproducible_builds:diffoscope:28
-
cpe:2.3:a:reproducible_builds:diffoscope:29
-
cpe:2.3:a:reproducible_builds:diffoscope:3
-
cpe:2.3:a:reproducible_builds:diffoscope:30
-
cpe:2.3:a:reproducible_builds:diffoscope:31
-
cpe:2.3:a:reproducible_builds:diffoscope:32
-
cpe:2.3:a:reproducible_builds:diffoscope:33
-
cpe:2.3:a:reproducible_builds:diffoscope:34
-
cpe:2.3:a:reproducible_builds:diffoscope:35
-
cpe:2.3:a:reproducible_builds:diffoscope:36
-
cpe:2.3:a:reproducible_builds:diffoscope:37
-
cpe:2.3:a:reproducible_builds:diffoscope:38
-
cpe:2.3:a:reproducible_builds:diffoscope:39
-
cpe:2.3:a:reproducible_builds:diffoscope:4
-
cpe:2.3:a:reproducible_builds:diffoscope:40
-
cpe:2.3:a:reproducible_builds:diffoscope:41
-
cpe:2.3:a:reproducible_builds:diffoscope:42
-
cpe:2.3:a:reproducible_builds:diffoscope:43
-
cpe:2.3:a:reproducible_builds:diffoscope:44
-
cpe:2.3:a:reproducible_builds:diffoscope:45
-
cpe:2.3:a:reproducible_builds:diffoscope:46
-
cpe:2.3:a:reproducible_builds:diffoscope:47
-
cpe:2.3:a:reproducible_builds:diffoscope:48
-
cpe:2.3:a:reproducible_builds:diffoscope:49
-
cpe:2.3:a:reproducible_builds:diffoscope:5
-
cpe:2.3:a:reproducible_builds:diffoscope:50
-
cpe:2.3:a:reproducible_builds:diffoscope:51
-
cpe:2.3:a:reproducible_builds:diffoscope:52
-
cpe:2.3:a:reproducible_builds:diffoscope:53
-
cpe:2.3:a:reproducible_builds:diffoscope:54
-
cpe:2.3:a:reproducible_builds:diffoscope:55
-
cpe:2.3:a:reproducible_builds:diffoscope:56
-
cpe:2.3:a:reproducible_builds:diffoscope:57
-
cpe:2.3:a:reproducible_builds:diffoscope:58
-
cpe:2.3:a:reproducible_builds:diffoscope:59
-
cpe:2.3:a:reproducible_builds:diffoscope:6
-
cpe:2.3:a:reproducible_builds:diffoscope:60
-
cpe:2.3:a:reproducible_builds:diffoscope:61
-
cpe:2.3:a:reproducible_builds:diffoscope:62
-
cpe:2.3:a:reproducible_builds:diffoscope:63
-
cpe:2.3:a:reproducible_builds:diffoscope:64
-
cpe:2.3:a:reproducible_builds:diffoscope:65
-
cpe:2.3:a:reproducible_builds:diffoscope:66
-
cpe:2.3:a:reproducible_builds:diffoscope:67
-
cpe:2.3:a:reproducible_builds:diffoscope:68
-
cpe:2.3:a:reproducible_builds:diffoscope:69
-
cpe:2.3:a:reproducible_builds:diffoscope:7
-
cpe:2.3:a:reproducible_builds:diffoscope:70
-
cpe:2.3:a:reproducible_builds:diffoscope:71
-
cpe:2.3:a:reproducible_builds:diffoscope:72
-
cpe:2.3:a:reproducible_builds:diffoscope:73
-
cpe:2.3:a:reproducible_builds:diffoscope:74
-
cpe:2.3:a:reproducible_builds:diffoscope:75
-
cpe:2.3:a:reproducible_builds:diffoscope:76
-
cpe:2.3:a:reproducible_builds:diffoscope:77
-
cpe:2.3:a:reproducible_builds:diffoscope:78
-
cpe:2.3:a:reproducible_builds:diffoscope:79
-
cpe:2.3:a:reproducible_builds:diffoscope:8
-
cpe:2.3:a:reproducible_builds:diffoscope:80
-
cpe:2.3:a:reproducible_builds:diffoscope:81
-
cpe:2.3:a:reproducible_builds:diffoscope:82
-
cpe:2.3:a:reproducible_builds:diffoscope:83
-
cpe:2.3:a:reproducible_builds:diffoscope:84
-
cpe:2.3:a:reproducible_builds:diffoscope:85
-
cpe:2.3:a:reproducible_builds:diffoscope:86
-
cpe:2.3:a:reproducible_builds:diffoscope:87
-
cpe:2.3:a:reproducible_builds:diffoscope:88
-
cpe:2.3:a:reproducible_builds:diffoscope:89
-
cpe:2.3:a:reproducible_builds:diffoscope:9
-
cpe:2.3:a:reproducible_builds:diffoscope:90
-
cpe:2.3:a:reproducible_builds:diffoscope:91
-
cpe:2.3:a:reproducible_builds:diffoscope:92
-
cpe:2.3:a:reproducible_builds:diffoscope:93
-
cpe:2.3:a:reproducible_builds:diffoscope:94
-
cpe:2.3:a:reproducible_builds:diffoscope:95
-
cpe:2.3:a:reproducible_builds:diffoscope:96
-
cpe:2.3:a:reproducible_builds:diffoscope:97
-
cpe:2.3:a:reproducible_builds:diffoscope:98
-
cpe:2.3:a:reproducible_builds:diffoscope:99
-
cpe:2.3:o:fedoraproject:fedora:39