CVE-2025-49466

Name
CVE-2025-49466
Description
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629
cve@mitre.org https://git.sr.ht/~rjarry/aerc/commit/93bec0de8ed5ab3d6b1f01026fe2ef20fa154329

Match rules

CPE URI Source package Min version Max version
aerc >= 0 < 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
aerc edge-community 0.18.2-r2 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.19.0-r0 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.19.0-r1 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r0 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r1 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r2 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r3 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r4 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r5 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r6 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.20.1-r7 Steven Guikal <void@fluix.one> possibly vulnerable
aerc 3.22-community 0.18.2-r7 Steven Guikal <void@fluix.one> possibly vulnerable
aerc 3.22-community 0.20.1-r6 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.21.0-r0 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.21.0-r1 Steven Guikal <void@fluix.one> possibly vulnerable
aerc 3.22-community 0.20.1-r7 Steven Guikal <void@fluix.one> possibly vulnerable
aerc edge-community 0.21.0-r2 Steven Guikal <void@fluix.one> possibly vulnerable
aerc 3.22-community 0.20.1-r8 Steven Guikal <void@fluix.one> possibly vulnerable