Upstream information
Description
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2023:0423-1, published Sat Dec 30 22:54:14 2023
- openSUSE-SU-2023:0424-1, published Sat Dec 30 22:54:14 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 15 SP4 |
| Patchnames: openSUSE-2023-424 |
| SUSE Package Hub 15 SP5 |
| Patchnames: openSUSE-2023-423 |
| openSUSE Leap 15.4 |
| Patchnames: openSUSE-2023-424 |
| openSUSE Leap 15.5 |
| Patchnames: openSUSE-2023-423 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA deepin-compressor-5.12.13-2.1 |
SUSE Timeline for this CVE
CVE page created: Wed Dec 27 19:00:31 2023CVE page last modified: Thu Jan 4 21:37:25 2024