CVE-2024-10933

Severity: Medium (CVSS 4.0 base score 4.1)
EPSS: 17.9%
Published: Dec 5, 2024
Last Modified: Jun 17, 2026

Description

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, readdir name validation did not exclude '/' from directory entry names, which could lead to unexpected directory traversal on untrusted file systems. The fix rejects any '/' in readdir name validation.

CVSS Details

Base Score: 4.1 (CVSS 4.0)
Vector string: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Active (A)
Scope: Not defined (X)

Threat Intelligence

EPSS exploit probability: 17.9% (percentile)
Exploit status: No known exploit
Patch status: Patch available

Weaknesses (1)

CWE-22: Path Traversal (Resource Mgmt)

Affected Products (23)

Vendor    Product   Version   Range
openbsd   openbsd   *         <7.4
openbsd   openbsd   7.4       any

References (2)

  • ftp.openbsd.org (Patch): https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig
  • ftp.openbsd.org (Patch): https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig