CVE-2017-8921

NONE EPSS 69.6%
Published: May 12, 2017
Last Modified: Jun 17, 2026

Description

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

Threat Intelligence

EPSS Exploit Probability
69.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

Vendor      Product     Version  Range
flightgear  flightgear  *        ≤2017.2

References 1

  • sourceforge.net https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/
    Issue Tracking, Patch, Third Party Advisory

Remediation

  • sourceforge.net https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/
    Issue Tracking, Patch, Third Party Advisory