CVE-2023-28371

Name: CVE-2023-28371
Description: In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.
NVD Severity: high

References

Type URI
MISC https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
MISC https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
MISC https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KG6UNRAOYZJSMIUELY3MMJ5J6LIUZXLT/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REDZB5J7WDN2P3NYWFO2NNJXSTOFUUKM/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ4ZGY5MDDHBEOQTD4IIA2RFID3ATPXA/

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:stellarium:stellarium:*:*:*:*:*:*:*:* | stellarium | >= None | <= 1.2

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
stellarium | 3.17-community | 1.0-r1 | Drew DeVault <sir@cmpwn.com> | possibly vulnerable