CVE-2011-1932

Description

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.

How to fix CVE-2011-1932

To remediate CVE-2011-1932, upgrade the affected package to a fixed version below.

• Debian/widelands—upgrade to 1:15-3 or later

Is CVE-2011-1932 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:15-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1932