
    2 vulnerabilities by reproducible_builds

    CVE-2024-25711 (GCVE-0-2024-25711)

    Vulnerability from cvelistv5 – Published: 2024-02-11 00:00 – Updated: 2025-11-04 18:29
    Summary
    diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the filename embedded in the file, which is honoured through the gpg --use-embedded-filenames option, is trusted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a (CNA record, mitre)
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (added by CISA-ADP)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-27T15:22:42.884446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T15:59:03.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:29:37.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e"
              },
              {
                "name": "FEDORA-2024-3383326db4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T02:06:05.997Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361"
            },
            {
              "url": "https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e"
            },
            {
              "name": "FEDORA-2024-3383326db4",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-25711",
        "datePublished": "2024-02-11T00:00:00.000Z",
        "dateReserved": "2024-02-11T00:00:00.000Z",
        "dateUpdated": "2025-11-04T18:29:37.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-0359 (GCVE-0-2017-0359)

    Vulnerability from cvelistv5 – Published: 2018-04-13 16:00 – Updated: 2024-09-16 17:38
    Title
    diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive
    Summary
    diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
    Severity
    No CVSS data available.
    CWE
    • writes to arbitrary locations (free-text problem type from the CNA; the record assigns no CWE ID)
    Impacted products
    Vendor Product Version
    Debian diffoscope Affected: before 77
    Date Public
    2017-02-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:56.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/854723"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2017-0359"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "diffoscope",
              "vendor": "Debian",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 77"
                }
              ]
            }
          ],
          "datePublic": "2017-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "writes to arbitrary locations",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-13T15:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/854723"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0359"
            }
          ],
          "source": {
            "advisory": "https://bugs.debian.org/854723",
            "discovery": "UNKNOWN"
          },
          "title": "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2017-02-09T21:14:00.000Z",
              "ID": "CVE-2017-0359",
              "STATE": "PUBLIC",
              "TITLE": "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "diffoscope",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 77"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "writes to arbitrary locations"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/854723",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/854723"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2017-0359",
                  "refsource": "CONFIRM",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2017-0359"
                }
              ]
            },
            "source": {
              "advisory": "https://bugs.debian.org/854723",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2017-0359",
        "datePublished": "2018-04-13T16:00:00.000Z",
        "dateReserved": "2016-11-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:23.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }