CVE-2015-0857

moderate-risk
Published 2016-05-06

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

Do I need to act?

~
3.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Tardiff

Affected Vendors

Tardiff Project Debian

References (6)

http://www.debian.org/security/2016/dsa-3562
https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204...
https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511...
http://www.debian.org/security/2016/dsa-3562
https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204...
https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511...
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 7/34 · Low