Home > Vulnerability Database > CVE-2024-10933

Mend.io Vulnerability Database

CVE-2024-10933

Date: December 5, 2024

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.

Language: C

Severity Score

5.0

Related Resources (4)

Url: https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10933

Url: https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig

Url: https://www.mend.io/vulnerability-database/CVE-2024-10933

Severity Score

5.0

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10933

Date: December 5, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?