Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ID-software libdigidoc ‘handleStartDataFile’函数路径遍历漏洞
Vulnerability Description
libdigidoc是美国ID Software公司的一个用于处理数字签名的文件库。 ID-software 3.7.2之前的版本中使用的libdigidoc 3.6.0.0版本中的DigiDocSAXParser.c文件中的‘handleStartDataFile’函数中存在绝对路径遍历漏洞。远程攻击者可借助DDOC文件中以“/”或“\”开头的文件名,利用该漏洞覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A